hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Updated libxml2 packages fix security vulnerability
Reply

Forum Jump

Updated libxml2 packages fix security vulnerability

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Disabled
 
Join Date: Oct 2003
Location: Portugal
Posts: 62

Updated libxml2 packages fix security vulnerability


Quote:
Security Advisory - RHSA-2004:091-07
------------------------------------------------------------------------------
Summary:
Updated libxml2 packages fix security vulnerability

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.

[Updated 3 March 2004]
Revised libxml2 packages are now available as the original packages did not
contain a complete patch.

Description:
libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110
to this issue.

All users are advised to upgrade to these updated packages, which contain a
backported fix and are not vulnerable to this issue.

References:
http://mail.gnome.org/archives/xml/2.../msg00070.html
------------------------------------------------------------------------------



Sponsored Links
Reply

Related posts from TheWhir.com
Title Type Date Posted
Microsoft Issues Patch for Critical Vulnerability Affecting Windows Systems Web Hosting News 2014-11-14 13:30:39
Shellshock-Based Malware Campaign Poses Threat to Mail Servers Web Hosting News 2014-10-28 15:33:56
WPTouch WordPress Plugin Vulnerability Allows Non-Admins to Take Over Website Web Hosting News 2014-07-14 16:17:19
GnuTLS Hello Vulnerability Poses Potential Risks to Secure Servers and Applications Web Hosting News 2014-06-04 12:08:31
OpenSSL Users Should Upgrade Now to Fix Heartbleed Security Bug Web Hosting News 2014-05-01 08:33:51


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?