Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Moderator
Moderator


Joined: 13 Jun 2003
Posts: 4078
Location: Barcelona, Spain

PostPosted: Sat Mar 06, 2004 11:48 pm    Post subject: [ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulne Reply with quote

Gentoo Linux Security Advisory

Title: Libxml2 URI Parsing Buffer Overflow Vulnerabilities (GLSA 200403-01)
Severity: normal
Exploitable: local and remote combination
Date: March 05, 2004
Bug(s): #42735
ID: 200403-01

Synopsis

A buffer overflow has been discovered in libxml2 versions prior to 2.6.6 which may be exploited by an attacker allowing the execution of arbitrary code.

Affected Packages

Package: dev-libs/libxml2
Vulnerable: < 2.6.6
Unaffected: >= 2.6.6
Architectures: All supported architectures


Description

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096 bytes.

Impact

If an attacker is able to exploit an application using libxml2 that parses remote resources, then this flaw could be used to execute arbitrary code.

Workaround

No workaround is available; users are urged to upgrade libxml2 to 2.6.6.

Resolution

All users are recommended to upgrade their libxml2 installation:
Code:
# emerge sync
# emerge -pv ">=dev-libs/libxml2-2.6.6"
# emerge ">=dev-libs/libxml2-2.6.6"


References

CVE 2004-0110


Last edited by GLSA on Sun May 07, 2006 4:50 pm; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum