Debians sikkerhedsbulletin
DSA-455-1 libxml -- bufferoverløb
- Rapporteret den:
- 3. mar 2004
- Berørte pakker:
- libxml, libxml2
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 9718.
I Mitres CVE-ordbog: CVE-2004-0110. - Yderligere oplysninger:
-
libxml2 er et bibliotek til behandling af XML-filer.
Yuuichi Teranishi (寺西 裕一) har opdaget en fejl i libxml, GNOMEs XML-bibliotek. Ved hentning af en fjernressource via FTP eller HTTP, anvender biblioteket særlige fortolkningsrutiner der kan få en buffer til at løbe over, hvis rutinerne modtager en meget lang URL. Hvis det lykkes en angriber at finde et program som anvender libxml1 eller libxml2, og som fortolker fjernressourcer samt tillader en angriber at fremstille URL'en, så kan denne fejl udnytte til at udføre vilkårlig kode.
I den stabile distribution (woody) er dette problem rettet i version 1.8.17-2woody1 af libxml og version 2.4.19-4woody1 af libxml2.
I den ustabile distribution (sid) er dette problem rettet i version 1.8.17-5 af libxml og version 2.6.6-1 af libxml2.
Vi anbefaler at du opgraderer dine libxml1- og libxml2-pakker.
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.dsc
- http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.diff.gz
- http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.dsc
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.diff.gz
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz
- http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_alpha.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_alpha.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_alpha.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_alpha.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_arm.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_arm.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_arm.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_arm.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_i386.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_i386.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_i386.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_i386.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_ia64.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_ia64.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_ia64.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_ia64.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_hppa.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_hppa.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_hppa.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_hppa.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_m68k.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_m68k.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_m68k.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_m68k.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mips.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mips.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mips.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mips.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_s390.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_s390.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_s390.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_s390.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_sparc.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_sparc.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_sparc.deb
- http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_sparc.deb
- http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.