Rapid7 Vulnerability & Exploit Database

RHSA-2009:1206: libxml and libxml2 security update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published: 08/11/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.

A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414)

Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.

Solution(s)

  • redhat-upgrade-libxml2
  • redhat-upgrade-libxml2-devel
  • redhat-upgrade-libxml2-python
