CVE-2007-6284
CVSS5.0
发布时间 :2008-01-11 21:46:00
修订时间 :2017-09-28 21:29:52
NMCOPS    

[原文]The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.


[CNNVD]libxml2 xmlCurrentChar()函数 UTF-8解析远程拒绝服务漏洞(CNNVD-200801-169)

        libxml2软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。
        libxml库在处理包含畸形数据的XML文件时存在漏洞,远程攻击者可能利用此漏洞导致系统不可用。
        libxml库的UTF-8解码函数xmlCurrentChar()没有检查UTF-8的正确性,如果用户使用链接到该库的应用程序打开了包含有多字节组合的畸形XML内容的话,就会导致函数库陷入死循环挂起,消耗大量系统资源。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.1Debian Debian Linux 3.1
cpe:/o:debian:debian_linux:4.0Debian GNU/Linux 4.0
cpe:/o:debian:debian_linux:3.1::hppa
cpe:/o:debian:debian_linux:4.0::hppa
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0MandrakeSoft Mandrake Corporate Server 3.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0MandrakeSoft Mandrake Corporate Server 4.0
cpe:/o:redhat:fedora:8Red Hat fedora 8
cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64
cpe:/o:mandrakesoft:mandrake_linux:2007MandrakeSoft Mandrake Linux 2007.0
cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86_64
cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86_64
cpe:/o:redhat:fedora:7Fedora 7
cpe:/o:mandrakesoft:mandrake_linux:2007.1MandrakeSoft Mandrake Linux 2007.1
cpe:/o:debian:debian_linux:3.1::ppc
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64
cpe:/o:debian:debian_linux:3.1::ia-64
cpe:/o:debian:debian_linux:4.0::ia-64
cpe:/o:mandrakesoft:mandrake_linux:2008.0MandrakeSoft Mandrake Linux 2008.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64
cpe:/o:debian:debian_linux:3.1::alpha
cpe:/o:debian:debian_linux:4.0::alpha
cpe:/o:debian:debian_linux:3.1::s-390
cpe:/o:debian:debian_linux:4.0::s-390
cpe:/o:debian:debian_linux:3.1::m68k
cpe:/o:debian:debian_linux:4.0::m68k
cpe:/o:debian:debian_linux:3.1::mips
cpe:/o:debian:debian_linux:4.0::mips
cpe:/o:debian:debian_linux:3.1::arm
cpe:/o:debian:debian_linux:3.1::sparc
cpe:/o:debian:debian_linux:4.0::arm
cpe:/o:debian:debian_linux:4.0::sparc
cpe:/o:debian:debian_linux:3.1::mipsel
cpe:/o:debian:debian_linux:4.0::mipsel
cpe:/o:debian:debian_linux:3.1::amd64
cpe:/o:debian:debian_linux:4.0::amd64
cpe:/o:debian:debian_linux:4.0::powerpc
cpe:/o:debian:debian_linux:3.1::ia-32
cpe:/o:debian:debian_linux:4.0::ia-32

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:5216Security Vulnerability in the libxml2 Library May Lead to a Denial of Service (DoS)
oval:org.mitre.oval:def:11594The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML...
oval:org.mitre.oval:def:22637ELSA-2008:0032: libxml2 security update (Important)
oval:org.mitre.oval:def:8180DSA-1461 libxml2 -- missing input validation
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6284
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200801-169
(官方数据源) CNNVD

- 其它链接及资源

http://bugs.gentoo.org/show_bug.cgi?id=202628
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=202628
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2008-07-11
http://lists.vmware.com/pipermail/security-announce/2008/000009.html
(UNKNOWN)  MLIST  [Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package
http://mail.gnome.org/archives/xml/2008-January/msg00036.html
(UNKNOWN)  SECUNIA  28444
http://security.gentoo.org/glsa/glsa-200801-20.xml
(UNKNOWN)  GENTOO  GLSA-200801-20
http://securitytracker.com/id?1019181
(UNKNOWN)  SECTRACK  1019181
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
(UNKNOWN)  SUNALERT  103201
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1
(UNKNOWN)  SUNALERT  201514
http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
http://www.debian.org/security/2008/dsa-1461
(UNKNOWN)  DEBIAN  DSA-1461
http://www.mandriva.com/security/advisories?name=MDVSA-2008:010
(UNKNOWN)  MANDRIVA  MDVSA-2008:010
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
(UNKNOWN)  SUSE  SUSE-SR:2008:002
http://www.redhat.com/support/errata/RHSA-2008-0032.html
(PATCH)  REDHAT  RHSA-2008:0032
http://www.securityfocus.com/archive/1/archive/1/486410/100/0/threaded
(UNKNOWN)  BUGTRAQ  20080115 rPSA-2008-0017-1 libxml2
http://www.securityfocus.com/archive/1/archive/1/490306/100/0/threaded
(UNKNOWN)  BUGTRAQ  20080329 VMSA-2008-0006 Updated libxml2 service console package
http://www.securityfocus.com/bid/27248
(UNKNOWN)  BID  27248
http://www.ubuntulinux.org/support/documentation/usn/usn-569-1
(UNKNOWN)  UBUNTU  USN-569-1
http://www.vupen.com/english/advisories/2008/0117
(UNKNOWN)  VUPEN  ADV-2008-0117
http://www.vupen.com/english/advisories/2008/0144
(UNKNOWN)  VUPEN  ADV-2008-0144
http://www.vupen.com/english/advisories/2008/1033/references
(UNKNOWN)  VUPEN  ADV-2008-1033
http://www.vupen.com/english/advisories/2008/2094/references
(UNKNOWN)  VUPEN  ADV-2008-2094
http://www.xmlsoft.org/news.html
(UNKNOWN)  CONFIRM  http://www.xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=425927
(UNKNOWN)  MISC  https://bugzilla.redhat.com/show_bug.cgi?id=425927
https://issues.rpath.com/browse/RPL-2121
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-2121
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html
(UNKNOWN)  FEDORA  FEDORA-2008-0462
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html
(UNKNOWN)  FEDORA  FEDORA-2008-0477

- 漏洞信息

libxml2 xmlCurrentChar()函数 UTF-8解析远程拒绝服务漏洞
中危 资源管理错误
2008-01-11 00:00:00 2008-01-11 00:00:00
远程  
        libxml2软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。
        libxml库在处理包含畸形数据的XML文件时存在漏洞,远程攻击者可能利用此漏洞导致系统不可用。
        libxml库的UTF-8解码函数xmlCurrentChar()没有检查UTF-8的正确性,如果用户使用链接到该库的应用程序打开了包含有多字节组合的畸形XML内容的话,就会导致函数库陷入死循环挂起,消耗大量系统资源。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        VideoLAN VLC media player 0.8.6f
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        Sun Solaris 10
        Sun T125731-02.zip
        http://sunsolve.sun.com/patchDownload.do?target=T125731-02.zip
        VideoLAN VLC media player 0.8.6b
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        VideoLAN VLC media player 0.8.6e
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        VideoLAN VLC media player 0.8.6 g
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        VideoLAN VLC media player 0.8.6 d
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        VideoLAN VLC media player 0.8.6
        VideoLAN VLC media player 0.8.6h
        http://www.videolan.org/vlc/
        

- 漏洞信息 (F65008)

VMware Security Advisory 2008-0006 (PacketStormID:F65008)
2008-03-29 00:00:00
VMware  vmware.com
advisory
CVE-2007-6284
[点击下载]

VMware Security Advisory - VMware has released an updated libxml2 package that addresses a security issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
~                   VMware Security Advisory

Advisory ID:       VMSA-2008-0006
Synopsis:          Updated libxml2 service console package
Issue date:        2008-03-28
Updated on:        2008-03-28 (initial release of advisory)
CVE number:        CVE-2007-6284
- -------------------------------------------------------------------

1. Summary:

~   Updated libxml2 package addresses a security issue.

2. Relevant releases:

~   VMware ESX 2.5.5 before Upgrade Patch 6
~   VMware ESX 2.5.4 before Upgrade Patch 17


NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
and Bug fixes) is 10/08/2008.  Users should plan to upgrade to at least
2.5.5 and preferably the newest release available before the end of
extended support.

ESX Server prior to 2.5.4 are no longer in Extended Support.  Users
should upgrade to a supported version of the product.

The VMware Infrastructure Support Life Cycle Policy can be
found here:  http://www.vmware.com/support/policies/eos_vi.html


3. Problem description:

~   Updated libxml2 package to address a denial of service flaw.

~   Thanks to the Google security team for identifying and reporting
~   this issue.

~   The Common Vulnerabilities and Exposures project (cve.mitre.org)
~   has assigned the name CVE-2007-6284 to this issue.

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

ESX 2.5.5 Upgrade Patch 6
http://download3.vmware.com/software/esx/esx-2.5.5-78667-upgrade.tar.gz
md5sum:   b4d5e98cc175a507e8f89d9c7b993e2c
http://vmware.com/support/esx25/doc/esx-255-200803-patch.html

ESX 2.5.4 Upgrade Patch 17
http://download3.vmware.com/software/esx/esx-2.5.4-78717-upgrade.tar.gz
md5sum:   827406844dacba92f695980f49119465
http://vmware.com/support/esx25/doc/esx-254-200803-patch.html

5. References:

~   CVE numbers
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~  * security-announce@lists.vmware.com
~  * bugtraq@securityfocus.com
~  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH7Y4TS2KysvBH1xkRCN8OAJ0eVZsU0UdJ3Uxq13lwL8aqHNGQDgCeO6I4
GQohVVhkDGpY15oIWJudPxw=
=QvVA
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F63140)

Gentoo Linux Security Advisory 200801-20 (PacketStormID:F63140)
2008-01-31 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2007-6284
[点击下载]

Gentoo Linux Security Advisory GLSA 200801-20 - Brad Fitzpatrick reported that the xmlCurrentChar() function does not properly handle some UTF-8 multibyte encodings. Versions less than 2.6.30-r1 are affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200801-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Denial of Service
      Date: January 30, 2008
      Bugs: #202628
        ID: 200801-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability has been reported in libxml2.

Background
==========

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2      < 2.6.30-r1                    >= 2.6.30-r1

Description
===========

Brad Fitzpatrick reported that the xmlCurrentChar() function does not
properly handle some UTF-8 multibyte encodings.

Impact
======

A remote attacker could entice a user to open a specially crafted XML
document with an application using libxml2, possibly resulting in a
high CPU consumption. Note that this vulnerability could also be
triggered without user interaction by an automated system processing
XML content.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.6.30-r1"

References
==========

  [ 1 ] CVE-2007-6284
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHoP7JuhJ+ozIKI5gRAkMZAKCF6o0hVemWvGX0T/dhTT65VSj6BACfbjVP
/gq7Lknkq1FRSJhkx76bT8I=
=t8VA
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F62617)

Ubuntu Security Notice 569-1 (PacketStormID:F62617)
2008-01-15 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2007-6284
[点击下载]

Ubuntu Security Notice 569-1 - Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.

=========================================================== 
Ubuntu Security Notice USN-569-1           January 14, 2008
libxml2 vulnerability
CVE-2007-6284
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxml2                         2.6.24.dfsg-1ubuntu1.1

Ubuntu 6.10:
  libxml2                         2.6.26.dfsg-2ubuntu4.1

Ubuntu 7.04:
  libxml2                         2.6.27.dfsg-1ubuntu3.1

Ubuntu 7.10:
  libxml2                         2.6.30.dfsg-2ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Brad Fitzpatrick discovered that libxml2 did not correctly handle certain
UTF-8 sequences.  If a remote attacker were able to trick a user or
automated system into processing a specially crafted XML document, the
application linked against libxml2 could enter an infinite loop, leading
to a denial of service via CPU resource consumption.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1.diff.gz
      Size/MD5:    58151 14f48b349e2a6b6ce695401dbf57fdcc
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1.dsc
      Size/MD5:      894 21632294a2c1c8011f4193fe4b2b38cf
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg.orig.tar.gz
      Size/MD5:  3293814 461eb1bf7f0c845f7ff7d9b1a4c4eac8

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.24.dfsg-1ubuntu1.1_all.deb
      Size/MD5:  1252744 b5a8e6f167c240aca1ce9043a8f0d937
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.24.dfsg-1ubuntu1.1_all.deb
      Size/MD5:    18890 d09f50ac3678dcb4c10763a788e54442

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.1_amd64.deb
      Size/MD5:   917374 5fa596e88c231b233d7cfcd1212841a4
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.1_amd64.deb
      Size/MD5:   736776 245e0057a499d22faa4d3bdd37987d07
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.1_amd64.deb
      Size/MD5:    36700 d019bea4d49a15a3b374300cccc8fffd
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1_amd64.deb
      Size/MD5:   751990 ec666dfdecb573c581bc495a9518d13d
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.1_amd64.deb
      Size/MD5:   181660 5e34cf00bdb8d15b79bd1827a49b5b18

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.1_i386.deb
      Size/MD5:   765424 35509e4751ecba58c3d1b5576cb0da9d
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.1_i386.deb
      Size/MD5:   641078 94196c0fdf434299a97d84ee81085532
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.1_i386.deb
      Size/MD5:    32978 e325977162a24c6b0b66c0565234ff43
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1_i386.deb
      Size/MD5:   684132 12823417ff1e678e76e748bf144bb23e
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.1_i386.deb
      Size/MD5:   166432 cf4a991ece17342ef7db3be6bc609bb5

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.1_powerpc.deb
      Size/MD5:   903834 97da6381510998b5c5b0680a0043dd87
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.1_powerpc.deb
      Size/MD5:   760458 f11467ac2015a1a3b8972be7781b67a6
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.1_powerpc.deb
      Size/MD5:    37430 b8828a5d10cccd80c6d52852312a8115
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1_powerpc.deb
      Size/MD5:   732852 52d7fbd22e1998f6637f153bfa91c3c3
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.1_powerpc.deb
      Size/MD5:   170818 6a8aea50a49f9f4f257d8e790307d255

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.1_sparc.deb
      Size/MD5:   744628 6f75bd45c1f8f045e175b55a1e4c54fc
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.1_sparc.deb
      Size/MD5:   702826 cd9a12cbd5c657502d9537bbfd7ff985
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.1_sparc.deb
      Size/MD5:    34318 be052727daaa6f8d404431ebd2877620
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.1_sparc.deb
      Size/MD5:   715988 94336bfbfcceaa0ee95490b9d714a440
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.1_sparc.deb
      Size/MD5:   174778 e86fe896b8f6eae184c476fcbf162c02

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1.diff.gz
      Size/MD5:   136421 b2535790742a2400d93491b54cbabbfa
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1.dsc
      Size/MD5:      925 48a2f327de2696b6572534b371337991
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg.orig.tar.gz
      Size/MD5:  3312920 d68254670f98586610c85a6f6020dc0e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.26.dfsg-2ubuntu4.1_all.deb
      Size/MD5:  1281404 d810d36589a1ae5ee424da463ad88afe

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.26.dfsg-2ubuntu4.1_amd64.deb
      Size/MD5:   888700 2984129eb3c535d1b232eef99a2af97a
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.26.dfsg-2ubuntu4.1_amd64.deb
      Size/MD5:   744272 4e49079b0c8dc2c639ce30ee701d906d
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.26.dfsg-2ubuntu4.1_amd64.deb
      Size/MD5:    36698 7769d6aa4037d1919cd60db8289c2084
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1_amd64.deb
      Size/MD5:   788598 59f5046418a2ee99ef78164551a066f6
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.26.dfsg-2ubuntu4.1_amd64.deb
      Size/MD5:   279520 a0066e95d8efd81c6381a9d56ff9b1b9
    http://security.ubuntu.com/ubuntu/pool/universe/libx/libxml2/libxml2-udeb_2.6.26.dfsg-2ubuntu4.1_amd64.udeb
      Size/MD5:   560410 0fdec92f80ed894c6767404d8ec7c565

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.26.dfsg-2ubuntu4.1_i386.deb
      Size/MD5:   842804 f8f198d554d74e015a2d00dc96bd603a
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.26.dfsg-2ubuntu4.1_i386.deb
      Size/MD5:   670214 2c3826acd16299d0097b128a61f8bf63
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.26.dfsg-2ubuntu4.1_i386.deb
      Size/MD5:    33862 388a50d26fb13b9fa5a1c9915ea4f8cd
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1_i386.deb
      Size/MD5:   741588 027e11b90dd6adef637d4798c7375768
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.26.dfsg-2ubuntu4.1_i386.deb
      Size/MD5:   251048 d1389a08b347e4ef3d6c76a54064cbb9
    http://security.ubuntu.com/ubuntu/pool/universe/libx/libxml2/libxml2-udeb_2.6.26.dfsg-2ubuntu4.1_i386.udeb
      Size/MD5:   513086 bcee2a49d0e314fa213810b8e4b97809

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.26.dfsg-2ubuntu4.1_powerpc.deb
      Size/MD5:   889140 008f3ac23423228e3ebe2d708b1090ab
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.26.dfsg-2ubuntu4.1_powerpc.deb
      Size/MD5:   770812 015b150f481eb023536ade64ec4a7322
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.26.dfsg-2ubuntu4.1_powerpc.deb
      Size/MD5:    37738 b8b8e93ebddaa90a7075cdebd44a7a83
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1_powerpc.deb
      Size/MD5:   772872 cee458f4f2cb4fe0aa02ce6e8249950b
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.26.dfsg-2ubuntu4.1_powerpc.deb
      Size/MD5:   258376 594831d0d50c7cab41e051871f7feceb
    http://security.ubuntu.com/ubuntu/pool/universe/libx/libxml2/libxml2-udeb_2.6.26.dfsg-2ubuntu4.1_powerpc.udeb
      Size/MD5:   545034 0868b828ddf585d7b6574aae9d1be648

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.26.dfsg-2ubuntu4.1_sparc.deb
      Size/MD5:   774044 cac1fd92280a79c321c8294f018e011c
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.26.dfsg-2ubuntu4.1_sparc.deb
      Size/MD5:   712790 bb54bef9eb96a8461de01d4f7c64454a
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.26.dfsg-2ubuntu4.1_sparc.deb
      Size/MD5:    34714 62155a5428112a23d8987f4ff0f979af
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.26.dfsg-2ubuntu4.1_sparc.deb
      Size/MD5:   754196 cc2e93dd44027feba2e335a062c0cb48
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.26.dfsg-2ubuntu4.1_sparc.deb
      Size/MD5:   267350 4096e4efe121a62060938658af688bb6
    http://security.ubuntu.com/ubuntu/pool/universe/libx/libxml2/libxml2-udeb_2.6.26.dfsg-2ubuntu4.1_sparc.udeb
      Size/MD5:   526494 878ec3a5be598b0e8a0a6e9c4f600347

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1.diff.gz
      Size/MD5:   144224 1b9751ddbf05b8bc6ef29b42634cd535
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1.dsc
      Size/MD5:     1063 65dfc487e7e3ba42a2419fb26d5e2b56
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
      Size/MD5:  3416175 5ff71b22f6253a6dd9afc1c34778dec3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-1ubuntu3.1_all.deb
      Size/MD5:  1293068 2a1c600d0be9f81696bff341943bfeb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:   894350 acbcf6a5f1e99eb6b9642b934dcb65a2
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:   747332 749b56c662bb0df8acb9ee25525e626d
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.27.dfsg-1ubuntu3.1_amd64.udeb
      Size/MD5:   574950 ff23905600521aed69b26a61da363e44
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:    37142 8c7e56d3d36823e4184bf44266fa4aa2
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:   809100 4693394cfd10fc8dc104929cb83f1460
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:   862202 7f117367690090ed4f069536b4b250c7
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.27.dfsg-1ubuntu3.1_amd64.deb
      Size/MD5:   292868 e2f635dd4078e17064aab37c2cdc8798

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:   850434 6fdf712e6fe60c07a4b99a40aef4db49
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:   672400 5a3a0e6fb684b455564ddd9235062db0
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.27.dfsg-1ubuntu3.1_i386.udeb
      Size/MD5:   526900 262d4eca6c69ad63a218a2b45e593747
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:    34226 bb8a5e189e2f119f1568cfea799a8e99
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:   760988 7fceec70a5be5ece3cfe03cc898f1275
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:   788584 f4c0a0097fa2b5f8f80a3acede4c9644
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.27.dfsg-1ubuntu3.1_i386.deb
      Size/MD5:   262456 2060ff7ca434ce395a2fa234d3e152e2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:   895514 8f93c23c7fc5e2b3d17e08f1bd2d18ac
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:   773952 50226e5dc1f74b989d9f0ff228b28ebf
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.27.dfsg-1ubuntu3.1_powerpc.udeb
      Size/MD5:   559270 5834b5824a221fbccc3a93b96724c5d8
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:    42338 dacf911b83e202c81f8cfedd7bfcd356
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:   793922 f54bcc563218cff154dcc030688ef2f0
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:   855946 fb2af13aa01a8c632af50fe36de8188f
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.27.dfsg-1ubuntu3.1_powerpc.deb
      Size/MD5:   286500 321019238a735572b57c529211723b91

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:   787760 3139c39add7412823144807b24db05bb
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:   715026 3edbe6b65f3718274176906985b62e08
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.27.dfsg-1ubuntu3.1_sparc.udeb
      Size/MD5:   538624 a341ec59dfb434ea1b91f3683b3e884c
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:    36404 220371974ed6f7884d3fb688999e67a2
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:   773140 6fc5d9c69d785a5516a6ae5b34cb174a
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:   816036 60e7562b076f63637713fcdd2f790225
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.27.dfsg-1ubuntu3.1_sparc.deb
      Size/MD5:   278892 3eda4635ec4ac8f23a910e02b95bd4d5

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1.diff.gz
      Size/MD5:   176683 a4ce83a6ea098404db907d1d2f72d38f
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1.dsc
      Size/MD5:     1063 b600047363cafb8c24d516c65925a6fa
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg.orig.tar.gz
      Size/MD5:  3433982 fe52a06fd8f104308271eb7093a0b644

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.30.dfsg-2ubuntu1.1_all.deb
      Size/MD5:  1300034 4e288d846923596cf7aa37fa67d50185

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:   894548 c872ec5c6116b49bd87dd39f79528e22
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:   752442 a2ee24366619719f9556982ac22a27db
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.30.dfsg-2ubuntu1.1_amd64.udeb
      Size/MD5:   578210 8e1d3536be984352302938567ee87f2b
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:    37190 65e1c1f2c52f02442ccce2c140ce3926
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:   818380 b1400d105831b7bf559dfd2ba20be488
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:   863728 a4d843958eb81f23a19cbb7cf019a6c9
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.30.dfsg-2ubuntu1.1_amd64.deb
      Size/MD5:   293804 0004d579e3b2255a42d6abc63ed68ab4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:   853540 eacc403b4d7812ddd9d1c7cd286b64a1
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:   674934 fcb3481343e49c88337154c07dba4c94
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.30.dfsg-2ubuntu1.1_i386.udeb
      Size/MD5:   528812 0201712d54449b6af47aaf4b3baa477f
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:    34248 adea2bfdbfcc440f476cbf43716a8425
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:   769740 7589866a03671cb95e29d997a80d7b3a
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:   792272 674ef80d3e356b1c6e72a7a9668e0b0f
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.30.dfsg-2ubuntu1.1_i386.deb
      Size/MD5:   263080 b31371b9e3a6870033b1c8d6c0353694

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:   896016 7f6d612c8301755b77dd01363c19dfc0
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:   776966 a5123512f62a64178289a8b735a45aff
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.30.dfsg-2ubuntu1.1_powerpc.udeb
      Size/MD5:   561218 ca3cc3d56852b2f241fc9780f6d7e539
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:    42344 91bac63b9249ac922074704e69758781
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:   801824 81ff7f9fc82fcf539c94e2333cbcc830
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:   857754 e589ed34a6231213d688c31a4a40777e
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.30.dfsg-2ubuntu1.1_powerpc.deb
      Size/MD5:   287274 6d21408e1221dafbf99cdb24c2626c93

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:   786524 7c03f943618178e6815320f729078328
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:   718066 dc222079aa90d18323d092e49a875b51
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.30.dfsg-2ubuntu1.1_sparc.udeb
      Size/MD5:   541086 b0dea5f83fbefb371da3f9dfbfae3221
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:    36496 cd9a0242a62de70d53ec73f174623918
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:   780846 3c2454be99253bcd16ecedabe59cb068
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:   815844 525b901dbcc7d3df2131650a8c9eca25
    http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.30.dfsg-2ubuntu1.1_sparc.deb
      Size/MD5:   279502 0c43a55b203ea3ca72fc8c6087ccca94

    

- 漏洞信息 (F62586)

Debian Linux Security Advisory 1461-1 (PacketStormID:F62586)
2008-01-14 00:00:00
Debian  debian.org
advisory,denial of service
linux,debian
CVE-2007-6284
[点击下载]

Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1461-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 13, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : missing input validation
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-6284

Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2,
the GNOME XML library, validate UTF-8 correctness insufficiently, which
may lead to denial of service by forcing libxml2 into an infinite loop.

For the unstable distribution (sid), this problem will be fixed soon.

For the stable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-2.

For the old stable distribution (sarge), this problem has been fixed in
version 2.6.16-7sarge1.

We recommend that you upgrade your libxml2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.dsc
    Size/MD5 checksum:      884 991cf7cfdaf3ef05e95ec11f1b99b345
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.diff.gz
    Size/MD5 checksum:   127107 b142c10e523b8d72ec427382849f2d39
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16.orig.tar.gz
    Size/MD5 checksum:  4008551 7b28b412498625b51d86e58e30fbdd31

Architecture independent packages:

  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.16-7sarge1_all.deb
    Size/MD5 checksum:    17242 ebfb4ef8a14dec1a34ad62fe6955afef
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-python2.3_2.6.16-7sarge1_all.deb
    Size/MD5 checksum:    10850 7a426e3c11a74852fc695612e2bfca25
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.16-7sarge1_all.deb
    Size/MD5 checksum:   930164 e4458eaa1f1080dfe1745a92c8f667e5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:   178380 39cec4bba77bc3aef4aefd5f7303470d
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:   178364 2ce12c73236c4c341b358c92b198dbae
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:   177434 0fb0c05e5397d45ef0f3b46ade61b9a5
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:    32144 a8e00165ef4f0394e56b19d5b53689c2
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:   693524 6d2d2b24908645d3e7eb18a2a68f55bf
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_alpha.deb
    Size/MD5 checksum:   797876 d1f891c9bc973625fe9630417d1736c8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:   639976 c7e4f773476dcd7160db8f7dde721acc
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:   177492 036dac53f32c6de1687db56091ce7053
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:   629976 57128d940cbf7a3c7b0fc33c959a4412
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:   176350 bb18c925d5ac4a32b9671b2d10a5a3ec
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:    30478 f089b56d3a85b90aaef374e7334670f6
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_amd64.deb
    Size/MD5 checksum:   177470 299fbaab814c6602dbe828be31857703

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:   159118 37b60276f1605a208923b20b5b35e937
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:    28364 ede14581faef3f86c970a1d1c1e0fc4b
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:   157942 940113a10f6a77a2393010ea7ebbdc8e
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:   159142 edbf498c3d5224ff5988f4e5e506781d
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:   584958 6ad2bd0b2d9b0c5ec581f1ded97b368d
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_arm.deb
    Size/MD5 checksum:   659776 6faa760c520074913612c6c04f13c391

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:   185554 813b9d2c5f8b142359cda44718797033
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:   691512 66f6713fed2673a7c65499bc3948d88d
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:    30762 ddd5dfa0add92fb1a45d8b5c9f330612
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:   185578 605633ecf2334e8f7620d8a8fe32b4ca
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:   721798 55ca114ed3e1fb0ae159cab73d5aad1e
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_hppa.deb
    Size/MD5 checksum:   184294 6cdf988e87065a5205721e6116c0434c

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:   591050 5143284e844b0806c7ca9fdbdc17564a
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:   162230 253df68abbc124c535a660b97aaa4297
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:   163274 02c5664ef3a4855a62d30713661dec97
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:    28226 f791765de50d84da4e657a638f6c7724
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:   163262 b8bd4effcff791316e0b3650db191d26
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_i386.deb
    Size/MD5 checksum:   602092 083c076ddea6f81c19af79e6a622a83c

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:   185194 5a864b2d70dde6d4ffa8cdd8aadbe413
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:   842344 86d7e89b56255cae370aefeeeb96d0e8
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:   183904 62e2b5ed12e59e2368fb45f56d83c941
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:    38540 9f34df8ef2e01216cc8a5fa08b4f8916
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:   185202 9064c2260585e95a60cce48b4d74061c
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_ia64.deb
    Size/MD5 checksum:   920016 bdc8c365fb1da5622994713cb89a47c9

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:   609946 5e1f1e4202a3e7e9634392adfdad07fe
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:   163220 a08fa2094cb4f39377afb287ce5229d1
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:   700974 628e1ec484bc7ce129fad1515c8b5783
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:   162038 3a45da812a45d8d85d33b5f3840fae3f
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:   163234 0b1cc66b99d312fa45e66b7b87096b54
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_mips.deb
    Size/MD5 checksum:    29496 3f4fa64beef55f29b03edf2996fd8dd3

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:   165682 5ad90c7182dde3d3cf174d00137df9bd
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:   632382 992847eaea206f7d712b3036f09d82aa
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:   166908 d3caf8e62750c3b9df18b5364317d6de
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:    31988 27f4605932172e075e73aecb6b37f860
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:   166896 3993311ca8340ec597563e80e8ae04f6
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_powerpc.deb
    Size/MD5 checksum:   681998 f0286ca7b57c2d130afb87a2e7f55903

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:   183942 efa98b27ad26269269f116179a4181a0
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:   637590 68a43b7225a3ff9750e47b2ce8fafbff
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:    30400 e68e4ddeab759336fea8bdae170a98ae
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:   183954 b44b12173c11bae11097e824090d637e
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:   182594 59901b903a43b00b9a4a812138fa5110
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_s390.deb
    Size/MD5 checksum:   649804 22e69a23cd59d0469ed45c07a6c4415c

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:    29200 7fae0af3ee437f1033b50b42d9291a52
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:   623322 f0852fd2bdd47faedb17501f9a3354d2
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:   614266 9d755c02d262c4ec9adad8397d436849
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:   171374 b8e62a9c54a25427a92542eeecfa0738
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:   171392 5b9ca6662c35ea726786c8b155adcec0
  http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_sparc.deb
    Size/MD5 checksum:   170388 05873d9dabafcbf0e83c46406a48709e

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
    Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.diff.gz
    Size/MD5 checksum:   142579 2bfdb7f543d1bb2c113056ba7c47a8fa
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.dsc
    Size/MD5 checksum:      893 ac5bb60fd79506befb89e6d63bb81d45

Architecture independent packages:

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-2_all.deb
    Size/MD5 checksum:  1292456 add37f996a875359e75ecae4c9bef721

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_alpha.deb
    Size/MD5 checksum:    37982 bd804f474a937b035ba1d4ae93beef1f
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_alpha.deb
    Size/MD5 checksum:   916190 97cf9a61c0468acef543c6b493089705
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_alpha.deb
    Size/MD5 checksum:   184462 32bb058f96ccdf3d96d8ab98877cbdfd
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_alpha.deb
    Size/MD5 checksum:   819852 e49620aaf549e0f42daafe19446b3697
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_alpha.deb
    Size/MD5 checksum:   882770 6ead0a0d5a8d0ae0b68bd363698e90a1

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_amd64.deb
    Size/MD5 checksum:    36782 16832b84e2ce688cbbd76ffd4166784a
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_amd64.deb
    Size/MD5 checksum:   890410 fe49261529663335d74be60721367d12
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_amd64.deb
    Size/MD5 checksum:   182914 94d2d0c1dfa0be939e7b4904791533d8
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_amd64.deb
    Size/MD5 checksum:   745942 53e57327592b75b05c9eee7b38411a00
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_amd64.deb
    Size/MD5 checksum:   795816 a2c97e1d523794671a634c54f8138d99

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_arm.deb
    Size/MD5 checksum:    34676 6b5aab661fa339dc4e7ef170188ed38b
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_arm.deb
    Size/MD5 checksum:   816410 5f275d04567bb4ff2cdf33b6982d1e5f
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_arm.deb
    Size/MD5 checksum:   740760 1b7e6e93b930ff32555b10eff05283d4
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_arm.deb
    Size/MD5 checksum:   672372 18ab49b2dcb50a31d7c25ddc3823326c
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_arm.deb
    Size/MD5 checksum:   165292 d3ab4deccf39fdca6006696dd3c3f963

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_hppa.deb
    Size/MD5 checksum:    36852 7738d949e025d84c5667d53c9cf403f3
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_hppa.deb
    Size/MD5 checksum:   864108 e3a94508a260d4f991eb8918e6f6584e
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_hppa.deb
    Size/MD5 checksum:   191966 b9d90fa3f9a973bfe2842b5f3208d591
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_hppa.deb
    Size/MD5 checksum:   856828 ef1afa089d983f53fa079a994e6fab58
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_hppa.deb
    Size/MD5 checksum:   849018 0ebc8e2a0e3d20d7f934bd2ddf0f003e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_i386.deb
    Size/MD5 checksum:   755368 3fc87d8fc0659e1d018ffbb59ac8aae1
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_i386.deb
    Size/MD5 checksum:   856908 fbc44fb4865f19f7fcb283ec99b53ba6
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_i386.deb
    Size/MD5 checksum:   680886 733b4aa48f453a2d140a9aa57ee3f314
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_i386.deb
    Size/MD5 checksum:   169040 a9f98e8d028167654639d90e03181187
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_i386.deb
    Size/MD5 checksum:    34494 0282972a80e337f0992dcb4106b8122b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_ia64.deb
    Size/MD5 checksum:    48486 34b3f19c4ce8bed2ba28128afc742377
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_ia64.deb
    Size/MD5 checksum:   196532 af8e2034ea28de239a6bc4584511a545
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_ia64.deb
    Size/MD5 checksum:  1105058 8fc89d88515989c16c6372f6d5014ce3
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_ia64.deb
    Size/MD5 checksum:   873228 1fbadfd4d88d5e9060ef05ef1442ef0a
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_ia64.deb
    Size/MD5 checksum:  1078832 0d42237d6e8a124c6a041a2a6b13055a

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_mips.deb
    Size/MD5 checksum:    34424 5c6fb6b9d2bddb99a34eda06eabca56e
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_mips.deb
    Size/MD5 checksum:   840438 a2c9843b6e015b52db01bc2e3c9eb396
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_mips.deb
    Size/MD5 checksum:   171630 5ba55f80321214ee0eed2bb7b8a10b64
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_mips.deb
    Size/MD5 checksum:   769422 87c44cc7652046131abfcc9e8345afc6
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_mips.deb
    Size/MD5 checksum:   925916 90b551e4742f9fc704f0d48362f0caf8

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_powerpc.deb
    Size/MD5 checksum:   172728 c1571f184ce56c5ddd7dc5566d92a7ed
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_powerpc.deb
    Size/MD5 checksum:   770242 7d21dccba9d10e96cdd8ce1ed79b3466
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_powerpc.deb
    Size/MD5 checksum:   779176 1b2d9ccc35217fec472a3db390ca2956
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_powerpc.deb
    Size/MD5 checksum:   896976 7024c07f1b0f910437513ba6f5bd7878
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_powerpc.deb
    Size/MD5 checksum:    37662 3d6896da0ac4aaf7f9f239a4f9a3a516

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_s390.deb
    Size/MD5 checksum:   749440 d4bf85450d358fc299df52c7c742cc24
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_s390.deb
    Size/MD5 checksum:   884816 f174f9cc572a465b494d9403d76b3c9d
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_s390.deb
    Size/MD5 checksum:   805010 42eb2a1f87ceb6cabfa8ba23e3c27b1e
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_s390.deb
    Size/MD5 checksum:    36370 3b564945daf64add099b143a631e3f25
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_s390.deb
    Size/MD5 checksum:   185722 4a0ad6d068a460806422f096c21c7197

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_sparc.deb
    Size/MD5 checksum:   759128 41f8e81199b7b3b8c2b55034d4bc5a54
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_sparc.deb
    Size/MD5 checksum:   712498 2f279ec5bd2b8427e1254f0fba9bdec7
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_sparc.deb
    Size/MD5 checksum:   781060 8c7c1b07b375f1de81f9273cec6c1d26
  http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_sparc.deb
    Size/MD5 checksum:   176868 45fa6a0155f48ebac9e5f5a85db9fba1
  http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_sparc.deb
    Size/MD5 checksum:    34572 b310e0a4f223bbdcba80c46eb09a1c92


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHikKnXm3vHE4uyloRAmoUAKDQVsZLh7ls6kgJ8Rli9vhwgj9R/gCgyq6y
+K4vLIVH//KAmY+BNRX+ts8=
=m8lo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F62565)

Mandriva Linux Security Advisory 2008-010 (PacketStormID:F62565)
2008-01-12 00:00:00
Mandriva  mandriva.com
advisory,denial of service
linux,mandriva
CVE-2007-6284
[点击下载]

Mandriva Linux Security Advisory - A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:010
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libxml2
 Date    : January 11, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A denial of service flaw was discovered by the Google Security Team
 in the way libxml2 processes malformed XML content.  This flaw could
 cause the application to stop responding.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 77dacb3f7ceed6b154d13b2230993f6a  2007.0/i586/libxml2-2.6.26-2.1mdv2007.0.i586.rpm
 b65bd8c95b4cb202ad9c6ee0b0bd240a  2007.0/i586/libxml2-devel-2.6.26-2.1mdv2007.0.i586.rpm
 783aa1a2d3e7e8f7e1d97a656606e1c0  2007.0/i586/libxml2-python-2.6.26-2.1mdv2007.0.i586.rpm
 fc8a74a258531db13fa948d95f4c2b0f  2007.0/i586/libxml2-utils-2.6.26-2.1mdv2007.0.i586.rpm 
 213917a525e29b1be556eaa909ae70b8  2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 39239bd612197276042a12756b12f25a  2007.0/x86_64/lib64xml2-2.6.26-2.1mdv2007.0.x86_64.rpm
 8559d17572b7ecf59c322fd5e24a32ac  2007.0/x86_64/lib64xml2-devel-2.6.26-2.1mdv2007.0.x86_64.rpm
 9be60ad740a273022ba6f0ac63242d4e  2007.0/x86_64/lib64xml2-python-2.6.26-2.1mdv2007.0.x86_64.rpm
 6d455daad1c6043033535790f6891a03  2007.0/x86_64/libxml2-utils-2.6.26-2.1mdv2007.0.x86_64.rpm 
 213917a525e29b1be556eaa909ae70b8  2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 39a6f6fd2ebed09f57fb448d5608254d  2007.1/i586/libxml2-2.6.27-3.1mdv2007.1.i586.rpm
 85dd4f3000b2d7a1b3ec6d7c0a839481  2007.1/i586/libxml2-devel-2.6.27-3.1mdv2007.1.i586.rpm
 04d59c5ceb87225b3da6b31a76c6e5a2  2007.1/i586/libxml2-python-2.6.27-3.1mdv2007.1.i586.rpm
 87814c987e3c1f58c722a3ea3a8e310c  2007.1/i586/libxml2-utils-2.6.27-3.1mdv2007.1.i586.rpm 
 fb22892957a80ffd6f6a3679dda1ff3a  2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 fe616f34b82ffd18e15e34c33efbac7a  2007.1/x86_64/lib64xml2-2.6.27-3.1mdv2007.1.x86_64.rpm
 77b4273b2b847dc93430288b313effe1  2007.1/x86_64/lib64xml2-devel-2.6.27-3.1mdv2007.1.x86_64.rpm
 7256a9e600ba1ccffe8263b7ca79ca9f  2007.1/x86_64/lib64xml2-python-2.6.27-3.1mdv2007.1.x86_64.rpm
 ba8ef3136d30fc8df4ab560eb6ed8d07  2007.1/x86_64/libxml2-utils-2.6.27-3.1mdv2007.1.x86_64.rpm 
 fb22892957a80ffd6f6a3679dda1ff3a  2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 3c20ada83e676e7746b79f1a31727dbc  2008.0/i586/libxml2-devel-2.6.30-1.1mdv2008.0.i586.rpm
 6d48ec5ab06b9c9da52f09ac30dc9c80  2008.0/i586/libxml2-python-2.6.30-1.1mdv2008.0.i586.rpm
 ab3b8931c36ab441c50bd807c7c1f178  2008.0/i586/libxml2-utils-2.6.30-1.1mdv2008.0.i586.rpm
 e830e8a3ff3be74baca3b6d6e08048db  2008.0/i586/libxml2_2-2.6.30-1.1mdv2008.0.i586.rpm 
 95a1741cd2ffc9aea77525d3f4ce1032  2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b906a3f182b4c263e6866469b7830d37  2008.0/x86_64/lib64xml2-devel-2.6.30-1.1mdv2008.0.x86_64.rpm
 938706227bb990215af729038959499e  2008.0/x86_64/lib64xml2_2-2.6.30-1.1mdv2008.0.x86_64.rpm
 dc73b6975441524b039e168e471d4a4a  2008.0/x86_64/libxml2-python-2.6.30-1.1mdv2008.0.x86_64.rpm
 0388308a1a1bc7286112023204048c30  2008.0/x86_64/libxml2-utils-2.6.30-1.1mdv2008.0.x86_64.rpm 
 95a1741cd2ffc9aea77525d3f4ce1032  2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

 Corporate 3.0:
 0922b67b2e1f8731f72e4ca3b5585d92  corporate/3.0/i586/libxml2-2.6.6-1.2.C30mdk.i586.rpm
 dda560864d31455db52e8f00dc2aa43f  corporate/3.0/i586/libxml2-devel-2.6.6-1.2.C30mdk.i586.rpm
 e6f5fd59e95a74c09cdd57deed498c9a  corporate/3.0/i586/libxml2-python-2.6.6-1.2.C30mdk.i586.rpm
 7dac1af99fa5eda79e8b9d471d86c55d  corporate/3.0/i586/libxml2-utils-2.6.6-1.2.C30mdk.i586.rpm 
 56183137289bcf9c11699e891dac442a  corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 186a08bf1f0110bfaa5bd884934b2fac  corporate/3.0/x86_64/lib64xml2-2.6.6-1.2.C30mdk.x86_64.rpm
 05cf4c50a781c706c020854971160934  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.2.C30mdk.x86_64.rpm
 b636186a1473f4a45fecc396e9cd5be4  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.2.C30mdk.x86_64.rpm
 ba733e52ff5a7bf0662d6ad4cf4f4db5  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.2.C30mdk.x86_64.rpm 
 56183137289bcf9c11699e891dac442a  corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

 Corporate 4.0:
 a9dfe938313ea3d1a8d7eabe81109e82  corporate/4.0/i586/libxml2-2.6.21-3.1.20060mlcs4.i586.rpm
 81242f717837d167804a74c133aca257  corporate/4.0/i586/libxml2-devel-2.6.21-3.1.20060mlcs4.i586.rpm
 4f72201469336da9fba2b2a2237f454d  corporate/4.0/i586/libxml2-python-2.6.21-3.1.20060mlcs4.i586.rpm
 b50e445cab3dfb2eef5d6870fcb0e389  corporate/4.0/i586/libxml2-utils-2.6.21-3.1.20060mlcs4.i586.rpm 
 b6aba6be396f65fa83ed0bc129b26e39  corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1e842a7e72843912858d308ae9d1e15b  corporate/4.0/x86_64/lib64xml2-2.6.21-3.1.20060mlcs4.x86_64.rpm
 d129d0911beee47ebfc84d635825c907  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.1.20060mlcs4.x86_64.rpm
 6e74fb611a915fe3ee14e4425257e1e8  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.1.20060mlcs4.x86_64.rpm
 cafcc6d6ccbe9fb2ea58051de8261d2d  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.1.20060mlcs4.x86_64.rpm 
 b6aba6be396f65fa83ed0bc129b26e39  corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHh+bFmqjQ0CJFipgRArjjAKDLhZbdha52orVNoyDU7FdnBVJHPwCgkYJa
kwbUo0ByhybOZevM9pHc078=
=CeNP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

40194
Libxml2 xmlCurrentChar Function UTF-8 Parsing DoS
Remote / Network Access Denial of Service
Loss of Availability Patch / RCS, Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2008-01-11 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.6.31 or higher, as it has been reported to fix this vulnerability. In addition, Daniel Veillard has released a patch for some older versions.

- 相关参考

- 漏洞作者

- 漏洞信息

libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
Design Error 27248
Yes No
2008-01-11 12:00:00 2008-07-11 08:19:00
Brad Fitzpatrick is credited with the discovery of this vulnerability.

- 受影响的程序版本

VMWare ESX Server 2.5.5 patch 4
VMWare ESX Server 2.5.5 patch 2
VMWare ESX Server 2.5.5
VMWare ESX Server 2.5.4 Patch 16
VMWare ESX Server 2.5.4 patch 15
VMWare ESX Server 2.5.4 patch 13
VMWare ESX Server 2.5.4 Patch 10
VMWare ESX Server 2.5.4 Patch 1
VMWare ESX Server 2.5.4
VideoLAN VLC media player 0.8.6 g
VideoLAN VLC media player 0.8.6 d
VideoLAN VLC media player 0.8.6
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
VideoLAN VLC media player 0.8.6f
VideoLAN VLC media player 0.8.6e
VideoLAN VLC media player 0.8.6c
VideoLAN VLC media player 0.8.6b
VideoLAN VLC media player 0.8.6a
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 9 SP3
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 9
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise Desktop 10 SP1
SuSE SUSE Linux Enterprise Desktop 10
SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
SuSE Linux Professional 10.2 x86_64
SuSE Linux Personal 10.2 x86_64
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 10_x86
Sun Solaris 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. openSUSE 10.1
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux Enterprise Server 10
S.u.S.E. Linux Desktop 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
Red Hat Fedora 8
Red Hat Fedora 7
Nortel Networks Self-Service Peri Workstation 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Self-Service - Peri Application Rel 3.0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Self-Service 0
Nortel Networks Enterprise NMS 0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Avaya Messaging Storage Server MSS 3.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 3.1
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Message Networking
Avaya Intuity AUDIX LX 2.0
Avaya Intuity LX 2.0
Avaya Intuity LX
Avaya Intuity AUDIX
Avaya EMMC 1.021
Avaya Communication Manager 2.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 2.0
Avaya Communication Manager 5.0
Avaya Communication Manager 3.0
Avaya Communication Manager 2.2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 2.1
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura SIP Enablement Services 3.1
Avaya Aura SIP Enablement Services 3.0
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 4.1
Apple iPod Touch 1.1.4
Apple iPod Touch 1.1.3
Apple iPod Touch 1.1.2
Apple iPod Touch 1.1.1
Apple iPod Touch 1.1
Apple iPod Touch 0
Apple iPhone 1.1.4
Apple iPhone 1.1.3
Apple iPhone 1.1.2
Apple iPhone 1.1.1
Apple iPhone 1.0.2
Apple iPhone 1.0.1
Apple iPhone 1.1
Apple iPhone 1
Apple iPhone 0
VMWare ESX Server 2.5.5 patch 6
VMWare ESX Server 2.5.4 Patch 17
VideoLAN VLC media player 0.8.6 h
Apple iPod Touch 2.0
Apple iPhone 2.0

- 不受影响的程序版本

VMWare ESX Server 2.5.5 patch 6
VMWare ESX Server 2.5.4 Patch 17
VideoLAN VLC media player 0.8.6 h
Apple iPod Touch 2.0
Apple iPhone 2.0

- 漏洞讨论

The libxml2 library is prone to a denial-of-service vulnerability because of an infinite-loop flaw.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

Versions prior to libxml2 2.6.31 are affected by this issue.

- 漏洞利用

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

The vendor released an upgraded version of libxml2 along with patches. Please see the references for more information.


VideoLAN VLC media player 0.8.6f

Sun Solaris 10

VideoLAN VLC media player 0.8.6b

VideoLAN VLC media player 0.8.6e

VideoLAN VLC media player 0.8.6 g

VideoLAN VLC media player 0.8.6 d

VideoLAN VLC media player 0.8.6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站