PROBLEM:
libxml2 is vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.
PLATFORM:
Package: libxml2 version 2.7.8. Other versions may also be affected
ABSTRACT:
Libxml2 XPath Nodeset Processing Vulnerability
reference LINKS:
Secunia Advisory: SA44817
Secunia Advisory: SA44711
DSA 2255-1
Vulnerability Report: Debian GNU/Linux 6.0
Download Package libxml2
Other Packages Related to libxml2
IMPACT ASSESSMENT:
High
Discussion:
Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny4.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-3.
Impact:
The vulnerability is caused due to an error when reallocating memory in xpath.c during the processing of a XPath nodeset. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPath expression.Successful exploitation may allow execution of arbitrary code.