Rapid7 Vulnerability & Exploit Database

RHSA-2008:0884: libxml2 security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 09/12/2008
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files.

A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529)

All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

Solution(s)

  • redhat-upgrade-libxml2
  • redhat-upgrade-libxml2-devel
  • redhat-upgrade-libxml2-python
