Security Information / 2012 / Security Information -- DSA-2521-1 libxml2

Debian Security Advisory

DSA-2521-1 libxml2 -- integer overflows

Date Reported:

04 Aug 2012

Affected Packages:

libxml2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-2807.

More information:

Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 2.8.0+dfsg1-5.

We recommend that you upgrade your libxml2 packages.