
Re: [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service



Hi

Just to make sure: have you seen the thread "Lenny users: attn about Gnome/libxml2 breakage" on the debian-user mailing list (started by me)?

I'm in the process of creating a bug report. (If that's not necessary anymore, tell me.)

Christian.

PS. I wanted to send this email privately, but since the Reply-To header redirected my client to debian-security (I barely noticed), this seems to be the general wish, so I'm leaving it at that.


Steve Kemp wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1631-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
August 22, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3281

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-3.

For the unstable distribution (sid), this problem will be fixed soon.

...

