Bug 8248 - libxml2 new security issue CVE-2012-5134
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: critical
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/527719/
Whiteboard: MGA1TOO has_procedure mga1-32-OK mga1...
Keywords: validated_update
Reported: 2012-11-30 14:04 CET by David Walser
Modified: 2012-11-30 23:31 CET
Source RPM: libxml2

Description David Walser 2012-11-30 14:04:28 CET
Red Hat has issued an advisory on November 29:
https://rhn.redhat.com/errata/RHSA-2012-1512.html

Comment 1 David Walser 2012-11-30 16:30:11 CET
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated libxml2 packages fix security vulnerability:

Heap-based buffer underflow in the xmlParseAttValueComplex function in
parser.c in libxml2 2.9.0 and earlier allows remote attackers to cause a
denial of service or possibly execute arbitrary code via crafted entities
in an XML document (CVE-2012-5134).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
https://rhn.redhat.com/errata/RHSA-2012-1512.html
========================

Updated packages in core/updates_testing:
========================
libxml2_2-2.7.8-9.8.mga1
libxml2-utils-2.7.8-9.8.mga1
libxml2-python-2.7.8-9.8.mga1
libxml2-devel-2.7.8-9.8.mga1
libxml2_2-2.7.8-14.20120229.4.mga2
libxml2-utils-2.7.8-14.20120229.4.mga2
libxml2-python-2.7.8-14.20120229.4.mga2
libxml2-devel-2.7.8-14.20120229.4.mga2

from SRPMS:
libxml2-2.7.8-9.8.mga1.src.rpm
libxml2-2.7.8-14.20120229.4.mga2.src.rpm

Comment 2 David Walser 2012-11-30 16:31:26 CET
Testing procedure here:
https://wiki.mageia.org/en/QA_procedure:Libxml2

Comment 3 claire robinson 2012-11-30 16:56:06 CET
Testing complete mga2 32

Comment 4 claire robinson 2012-11-30 17:19:05 CET
Testing complete mga1 32 & 64 and Mga2 64

Validating

SRPMs and advisory in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Comment 5 Thomas Backlund 2012-11-30 23:31:55 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0350