Details of VAR-200809-0566

ID

VAR-200809-0566

CVE

CVE-2008-3529

TITLE

libxml2 of xmlParseAttValueComplex Heap-based buffer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2008-001702

DESCRIPTION

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. The 'libxml' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service vulnerability. The libxml package provides a library of functions that allow users to manipulate XML files, including support for reading, modifying, and writing XML and HTML files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: December 02, 2008 Bugs: #234099, #237806, #239346, #245960 ID: 200812-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.7.2-r1 >= 2.7.2-r1 Description =========== Multiple vulnerabilities were reported in libxml2: * Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). * A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). * Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). * Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). * Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact ====== A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the exeution of arbitrary code or a high CPU and memory consumption. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1" References ========== [ 1 ] CVE-2008-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281 [ 2 ] CVE-2008-3529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529 [ 3 ] CVE-2008-4409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409 [ 4 ] CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 [ 5 ] CVE-2008-4226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-815-1 August 11, 2009 libxml2 vulnerabilities CVE-2008-3529, CVE-2009-2414, CVE-2009-2416 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.5 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.4 Ubuntu 8.10: libxml2 2.6.32.dfsg-4ubuntu1.2 Ubuntu 9.04: libxml2 2.6.32.dfsg-5ubuntu4.2 After a standard system upgrade you need to restart your sessions to effect the necessary changes. Details follow: It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. Original advisory details: It was discovered that libxml2 did not correctly handle long entity names. (CVE-2008-3529) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5.diff.gz Size/MD5: 62776 d89c05d4e7cf575a70f0f9d98db043c0 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5.dsc Size/MD5: 902 5a6bda5a6cff7f1dd1b9ac5a4a4d3dee http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg.orig.tar.gz Size/MD5: 3293814 461eb1bf7f0c845f7ff7d9b1a4c4eac8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.24.dfsg-1ubuntu1.5_all.deb Size/MD5: 1253066 7f0900285bcd5980021afb1187a65882 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.24.dfsg-1ubuntu1.5_all.deb Size/MD5: 19366 bdcb84dd5b172486d90babd60f7abe3e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_amd64.deb Size/MD5: 918870 5c542ff6be1ebfe37ed53fb5c42d4f9a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_amd64.deb Size/MD5: 737430 1277b3e55c846153da8612c2b1bd6c05 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_amd64.deb Size/MD5: 36698 941d28a2ab8c583df8ac8c4bd6053f7e http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_amd64.deb Size/MD5: 753036 159fc7694915d15d86868cbd34ff1ebb http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_amd64.deb Size/MD5: 181652 5e66ae52ee397d016840038de0a2f057 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_i386.deb Size/MD5: 766190 9afc9a70749f02669713a807ceaf2ad3 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_i386.deb Size/MD5: 642032 6e7ac3450d6220b0b5b827483622d145 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_i386.deb Size/MD5: 32980 5fc874170294ea6f6c94a690a01dbad7 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_i386.deb Size/MD5: 685138 4a8510c2c2b66f6c55e4155af4c7e091 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_i386.deb Size/MD5: 166422 6cc5c19adb5ccb9db5fec9286790af1a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_powerpc.deb Size/MD5: 905098 dd7b7a8b76af164a73785d7c40be445c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_powerpc.deb Size/MD5: 761238 2f407df0d47072583fdbc6465b744b6a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_powerpc.deb Size/MD5: 37424 c584cfd1c16a16106d10a8d090aaccf0 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_powerpc.deb Size/MD5: 734090 42f54b7042c391a8326558cdc924fcc2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_powerpc.deb Size/MD5: 170808 8f4821f282453c7c516ba36e2c5fadd9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_sparc.deb Size/MD5: 745812 84c50f29ba04c9c815e561e9c9b825ee http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_sparc.deb Size/MD5: 703538 3f2e7fbc56bf64aa9631c567852dadfd http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_sparc.deb Size/MD5: 34312 540c1cb95cd95eafe94cad690e0c7ae2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_sparc.deb Size/MD5: 716890 41e8303a6e6d3fb335a2fb06b4e1bc7a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_sparc.deb Size/MD5: 174772 567a3fdd900bc9cb34e5f2f668e48851 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4.diff.gz Size/MD5: 66035 c629b5480445cc4380bf3bae181d8484 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4.dsc Size/MD5: 1072 67e7f23a4d73713a67233d554f6c8b5c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg.orig.tar.gz Size/MD5: 3442959 8498d4e6f284d2f0a01560f089cb5a3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.31.dfsg-2ubuntu1.4_all.deb Size/MD5: 1302458 9454932b37039a5af38524f7c4c0b294 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 939490 5c561ccc0fe42d44216631b89b1addf2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 754024 1d43d32a7125d4b2ed113c7dbb469bdf http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_amd64.udeb Size/MD5: 580472 d2e2babcee294fdd0f202d5d122c0dd2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 37052 440a067962c6e1e7ffe17071bb33fd09 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 832898 b129c03e0971727757567d89a6d32269 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 872964 86ab686a437dd9ed2b1ea08dbd5d9ba1 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_amd64.deb Size/MD5: 297976 8acf0cdf5242fd3e6edd957db9e19c28 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 904990 88fe3df363f8829fcfb9a0ff42aa4e96 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 676490 641845452580108e68afbd1605af5744 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_i386.udeb Size/MD5: 533328 3e0d900bd1898de03a78fd408800d88e http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 34042 2061451c337e1b12f73f9f91125aeda2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 786106 664fc7281611ad8b19e5f0b62284878f http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 796320 1d531f46ab809a0f58ccdcf75f706ea5 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_i386.deb Size/MD5: 262966 d26ec52d81b118a64f13657db427f858 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 931054 830e464f765c3109497514d96295c932 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 679546 6f6ee1fe040963315471c2a2a15064d6 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_lpia.udeb Size/MD5: 529214 af124b039059f2f24f31c50fc8fbf48f http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 34488 ef4c4ea4e96d66c6d5c36e2645379915 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 781436 ae5efc717942777be05db9c550d5ddd5 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 788580 c16e8d94ecb5f1a14655fc4d40671f97 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_lpia.deb Size/MD5: 259630 143a179bfbcff152d9f33c424ea80229 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 923448 d3ca8a5978632bec93151a892072b5c4 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 776284 92d1fb876bb167fccee4e5a6a82e8169 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_powerpc.udeb Size/MD5: 564078 9d75d8f965c320fd17dc2c420aa6e325 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 42060 8bedb52b8485e7b65b930a39a671cbd8 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 816678 55d6f855ea9b7b14f2ce449079360f80 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 841354 b66c89a166c8a92ed136f77e2693249b http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_powerpc.deb Size/MD5: 285362 adc160daa3848983f4ddb678c3345199 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 826326 f596d405cff24bfa70d8c2ff81e3439b http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 719830 b0cb8e2bbbec82604b5a562f3e446f78 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_sparc.udeb Size/MD5: 541066 f5796b6b3175b740eb55ab32887c98f1 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 36190 1e5ae0d677b95e4f5b69c86ab7207c04 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 793408 c10a54dbfe118a255b353b59fee0c895 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 807914 3566e097583445477cad63cd721424f1 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_sparc.deb Size/MD5: 277520 b0c2ed5aafa41ff970a5d8c40a12d02d Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2.diff.gz Size/MD5: 84498 bc3004e4fd1e98246801b2a5741be0f1 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2.dsc Size/MD5: 1494 5a25281495f4e6650a45f45a5a8526d2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz Size/MD5: 3425843 bb11c95674e775b791dab2d15e630fa4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-4ubuntu1.2_all.deb Size/MD5: 1308242 3aa37d0a971702bda21165e2744d3b15 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 1014608 676fed67244fe42800b527d2d654365f http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 777674 72fd0dc6223b0708f936bfbf830b42a4 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_amd64.udeb Size/MD5: 607400 82a0a91ff27913e1284ae7799156b9a5 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 37346 b71638a425beef5adb16962d2dbf83f8 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 863410 2141203bc6e460099878831efdc9de8e http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 858904 3143613cc83f8f3b3fc171291e48f30c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_amd64.deb Size/MD5: 296128 4f123d82f7393dc6271adee9b0b2154b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 966962 48d67569f459f88564f282c5c7603eca http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 701786 f31b1ec9b00b32aef5dab08de74c1ca5 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_i386.udeb Size/MD5: 563618 6c10444d19aa3010ec0b6afc46631442 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 33908 218bd1ab9dbed3bb7e56db1f1ac74a6a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 819242 f2e5722dc46494b105d2e171a7ab8230 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 782502 c6a12f97a9d05c420e87d98f3cebe292 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_i386.deb Size/MD5: 261340 c1e353abc1bdf4c56b856228ea92e3ce lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 994030 e6260d0cfcac28075fcbe72036374dc1 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 697648 2e04c962dc20e83f635a5bf06fb87691 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_lpia.udeb Size/MD5: 553402 8998361080659f8d3175d3621261805a http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 34092 da760a43ac9492e508c6dc6c85499a95 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 808888 d3708ffd4d87a2c48c6c37badb602ec5 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 776836 ff4dee115d09816a99b2c7ea63e4fd10 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_lpia.deb Size/MD5: 257710 6e2cf4776d778dc7ce2d2a7c098c5bd7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 985370 5f1c540dbfecf08d6ccc22798beb7d0d http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 793178 980f65e0877f36d1c51241ca6e8a4e79 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_powerpc.udeb Size/MD5: 582030 439fe7ebaebd3e5e3c9ca5b323595da6 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 40426 648c47236b411a6b5ccbbe4ca4671af7 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 837942 7a59d92fe6c31895aadc67df56e404b2 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 822784 44a72a4996bca847bea424ad1db4d03b http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_powerpc.deb Size/MD5: 283028 9423c0b24aab87ffac1d85615282e38d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 872662 fcc9c2574a5f8f9aeee5be43cedd9542 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 730988 dab6026cfeee8b30a3d7d7a989621cc1 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_sparc.udeb Size/MD5: 551174 de8a4e5e3c69eda8a888e2a4be0d8771 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 36538 b1c42f5d79806ca0ddb842d6e46589e4 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 807300 2ec0838cfed794ad0dfba8e6c2f8f5a6 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 795578 5177c5c668b1cb6ab972a42ba74ce69b http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_sparc.deb Size/MD5: 275720 848f0e32688509c20e716bf56854b3c2 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2.diff.gz Size/MD5: 86115 e8ae94cf06df5aa69bcb4e9e3478dc3a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2.dsc Size/MD5: 1494 59db95aea21b88b40de41b4eb6286204 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz Size/MD5: 3425843 bb11c95674e775b791dab2d15e630fa4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5ubuntu4.2_all.deb Size/MD5: 1309904 8a177134aefda1c1803ee8cea7876987 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 1014666 7eecb75acf8cfe96f0d8ad00dc6cd0f7 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 777666 303a6a64d87e0666177f9ee63cf1a03c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_amd64.udeb Size/MD5: 607592 f0abee0ba9c7cac159aa282ff04b968d http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 37356 e60cf6a423c951786da162ffe21132a1 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 864536 fd1367706366bfd805f692c39f331835 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 863456 0e646ecc8d3e8e72fc65739a4bae3de9 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_amd64.deb Size/MD5: 359004 6541b0c12852c3e490ddb20c06448eae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 967152 3bc76bac8a99f2bceca5169cf9394f2c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 701712 b3aa303a9b2fcdcbdcb62595a6876f86 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_i386.udeb Size/MD5: 563692 fbda90721b32837d401f72def5bae5d4 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 33904 a3323cb518af641c59ea45369a65746f http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 820722 d26fe8acb0a5aee307d06edae3e7e28a http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 785386 afdcafaa8bac5e88aa4a13e0d749b2ea http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_i386.deb Size/MD5: 324412 bae919ee044ef9aaf19656b9d1976b19 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 994408 53e4d8355d376154e295df19d3a3c60d http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 697522 5222a56651f77e522ca0ad1c6d6d5de6 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_lpia.udeb Size/MD5: 553434 48f46f951b7ebc278e84ad661d306f19 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 34098 60966a769f8d75d8bc8253c687e38244 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 810434 585824abaa30b7726f8e7beeae6150eb http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 778354 6588b53390d8a294fc18ab6624e6c7c1 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_lpia.deb Size/MD5: 320608 cb34801b64a53678cc553625fec3feaf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 985248 ecf8b6d8401aebd949116cb0169a96fe http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 793242 1fc757dad96c16d285df20a5137af4c6 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_powerpc.udeb Size/MD5: 582210 87a282cc9ab3bf5af1015ce0624d01d9 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 40434 3e24add8c4c0aaf0b7931dd185394d6d http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 839218 0b75a09404be80b49058058c2aa6e746 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 825710 58709b2af622ff835b15f799cd47fcfe http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_powerpc.deb Size/MD5: 344720 c07c4729d2191cf51d85654a83e8faf2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 872512 b6f95a836cabc34e1266b76cc250a9e0 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 730870 607909857dea94afe8102a7131595252 http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_sparc.udeb Size/MD5: 551000 7fbe08e3223c9543645eadb4b9e0167a http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 36486 c3540c5aadb1adc3f85f6276a1980d0c http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 807954 a3ac3191b768e4b6e1e7b1c279b26a13 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 798558 dd9c4b6bf81302a938f71ed0f9cf47c8 http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_sparc.deb Size/MD5: 338152 674bae887b0ae673dd4732498c5a738c . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:192 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml2 Date : September 11, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A heap-based buffer overflow was found in how libxml2 handled long XML entity names. The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 9250adec77a5118119d5000f2305540f 2007.1/i586/libxml2-2.6.27-3.4mdv2007.1.i586.rpm 103dba08606f0038f3a9f4107ceba442 2007.1/i586/libxml2-devel-2.6.27-3.4mdv2007.1.i586.rpm a388bf596ef6725fb5baadb4e056a0bd 2007.1/i586/libxml2-python-2.6.27-3.4mdv2007.1.i586.rpm d2333e42a538101e36eab7d12467e08b 2007.1/i586/libxml2-utils-2.6.27-3.4mdv2007.1.i586.rpm 94a25c63f54693b7ac289223a6a3a687 2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 343f8656039b69716fe712eeb2d1bf4e 2007.1/x86_64/lib64xml2-2.6.27-3.4mdv2007.1.x86_64.rpm 320d8dd8245f5ec6db46bedaf07afb3e 2007.1/x86_64/lib64xml2-devel-2.6.27-3.4mdv2007.1.x86_64.rpm fb6f52df6831cda42db46502cc761475 2007.1/x86_64/lib64xml2-python-2.6.27-3.4mdv2007.1.x86_64.rpm 8440fc08fee99f18a81a32035fac166a 2007.1/x86_64/libxml2-utils-2.6.27-3.4mdv2007.1.x86_64.rpm 94a25c63f54693b7ac289223a6a3a687 2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm Mandriva Linux 2008.0: c53b40d9c7ebec036f9175c8f4e87b3b 2008.0/i586/libxml2_2-2.6.30-1.4mdv2008.0.i586.rpm 4a4ed97086b52cab3bbd34fe4d7003a0 2008.0/i586/libxml2-devel-2.6.30-1.4mdv2008.0.i586.rpm d3898465dc2797a2b20be8310dd4f484 2008.0/i586/libxml2-python-2.6.30-1.4mdv2008.0.i586.rpm 34c524fa03b470093bd0b0c679bcb9c4 2008.0/i586/libxml2-utils-2.6.30-1.4mdv2008.0.i586.rpm 2dc2f4732992e27aea4c5a098c631ae8 2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 20ac98b346a1f18b90504cb623c530d8 2008.0/x86_64/lib64xml2_2-2.6.30-1.4mdv2008.0.x86_64.rpm fd5907e801bf4f64ee79d097fcaec2b6 2008.0/x86_64/lib64xml2-devel-2.6.30-1.4mdv2008.0.x86_64.rpm 20f45401e501b9639a9b53d82a4e031f 2008.0/x86_64/libxml2-python-2.6.30-1.4mdv2008.0.x86_64.rpm 22be20e194ba2177a47d831ee8c82f47 2008.0/x86_64/libxml2-utils-2.6.30-1.4mdv2008.0.x86_64.rpm 2dc2f4732992e27aea4c5a098c631ae8 2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm Mandriva Linux 2008.1: 61e96824adc6e61b2764bb3a85e2e76d 2008.1/i586/libxml2_2-2.6.31-1.3mdv2008.1.i586.rpm 6d0cc51d32c7b6ecd609250aad302034 2008.1/i586/libxml2-devel-2.6.31-1.3mdv2008.1.i586.rpm 1e7c4ddd30677789de05cc464dde9790 2008.1/i586/libxml2-python-2.6.31-1.3mdv2008.1.i586.rpm edd477e34b08f94956eeedd387b5e509 2008.1/i586/libxml2-utils-2.6.31-1.3mdv2008.1.i586.rpm b1078a83185c1c97fada7ea5e97df753 2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 9d25e809ad31decb111a38301b2a74c1 2008.1/x86_64/lib64xml2_2-2.6.31-1.3mdv2008.1.x86_64.rpm f35af82dffc02628edb1ce03113c3ba0 2008.1/x86_64/lib64xml2-devel-2.6.31-1.3mdv2008.1.x86_64.rpm 5819b393de9ff05be4d670c8e5d36080 2008.1/x86_64/libxml2-python-2.6.31-1.3mdv2008.1.x86_64.rpm fb670bfb1a1673f99f3c3fc3a72b7777 2008.1/x86_64/libxml2-utils-2.6.31-1.3mdv2008.1.x86_64.rpm b1078a83185c1c97fada7ea5e97df753 2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm Corporate 3.0: 82e733037c09b4b7770f5325c7ed1325 corporate/3.0/i586/libxml2-2.6.6-1.5.C30mdk.i586.rpm d66da7916f188883fd164cb250431bba corporate/3.0/i586/libxml2-devel-2.6.6-1.5.C30mdk.i586.rpm 5df28181424b19132bbff6afa872475a corporate/3.0/i586/libxml2-python-2.6.6-1.5.C30mdk.i586.rpm f7a86c3be6e4926fa101386a9cbbcbdd corporate/3.0/i586/libxml2-utils-2.6.6-1.5.C30mdk.i586.rpm c64826e1b31ed0c5d4514780ecd52e2e corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm Corporate 3.0/X86_64: 76e631bd88c68085dc2c5702235c2a99 corporate/3.0/x86_64/lib64xml2-2.6.6-1.5.C30mdk.x86_64.rpm 827f9f5bc3a1b869353e3c09879ea432 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.5.C30mdk.x86_64.rpm caafa3371f80f084e8a945b3114b4533 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.5.C30mdk.x86_64.rpm e37a70f9cd13a7e00982387a9ba97726 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.5.C30mdk.x86_64.rpm c64826e1b31ed0c5d4514780ecd52e2e corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm Corporate 4.0: 74eea161b5519eef6c16b2407126a847 corporate/4.0/i586/libxml2-2.6.21-3.4.20060mlcs4.i586.rpm 5d8d1e0e487022687c1c61fbaf91707e corporate/4.0/i586/libxml2-devel-2.6.21-3.4.20060mlcs4.i586.rpm d5aa677468c9e8baae074a12f6c63c00 corporate/4.0/i586/libxml2-python-2.6.21-3.4.20060mlcs4.i586.rpm d51b4b902bb911be69f6a17aeb07d8cf corporate/4.0/i586/libxml2-utils-2.6.21-3.4.20060mlcs4.i586.rpm ce28651304236296e59d6d3be5525889 corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 812f2ae0ffa7a72546b07bd7de174453 corporate/4.0/x86_64/lib64xml2-2.6.21-3.4.20060mlcs4.x86_64.rpm 23ae06098f957e46affa75220cac50af corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.4.20060mlcs4.x86_64.rpm 93cb252dadfadd4249062f903e604f82 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.4.20060mlcs4.x86_64.rpm aeff512a1b349108017e93633fabcf08 corporate/4.0/x86_64/libxml2-utils-2.6.21-3.4.20060mlcs4.x86_64.rpm ce28651304236296e59d6d3be5525889 corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIyaCLmqjQ0CJFipgRApioAJ9P7O5hzNQ4UuYvEIhTVLyyn9Tv9wCg4DSp mZuI5mJOfDomJXN1l5E7NSw= =tPwM -----END PGP SIGNATURE----- . This could allow the execution of arbitrary code via a malicious XML file. For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-5. For the unstable distribution (sid), this problem has been fixed in version 2.6.32.dfsg-4. We recommend that you upgrade your libxml2 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz Size/MD5 checksum: 220443 48cafbb8d1bd2c6093339fea3f14e4a0 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc Size/MD5 checksum: 893 0dc1f183dd20741e5b4e26a7f8e1c652 Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb Size/MD5 checksum: 1328144 c1c5f0ceb391893a94e61c074b677ee9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 820850 fac5556241bb0fde20913f25fb9c73ac http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 37980 725b1c6925e610b5843ba0ad554dc7bc http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 184754 5ccbaf07b44dcfe528167074050bf270 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 916830 17d71480b7e2a447dabde99c11d752fa http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 881834 cac19a28b37f7afb9e07966f44ddd5b2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 184130 a13372752d162d0fb2ccd58da6b73e20 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 36684 8a0265229bebf9245dc7bb7cc6f41d36 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 796194 6019e59020269cca8fa8fea40f83c118 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 891922 606fc28448bead2709c39a1d3e529a25 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 745758 95bd39eb2818772c43c3351b22326fcd arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 741876 1b670c6bac3aa9f7df28f7ea3f1e5725 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 34678 9a992dc251b137a919a813eed2af8489 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 165290 732b4e94b91a086c6b950d187af160bc http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 817514 299c93a812ac02a8aa9da88f4cb5aedf http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 673192 d2ff2c26ee8dae05f81c24aa6dfce9b5 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 191876 4d2e33090237b47bc10e9526329f0bc5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 36708 0ebf8554c5a0e873b128d52ceafccdfd http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 850210 bde343770ac9a7bd458e68a60c2b8434 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 858660 88f67d0d2aff41333ca2f4d4b2d6b5b2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 864474 489dbd9d677c274c07abb88d0f23b969 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 755986 9fdf341ede17d7790202229db9cc1353 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 169032 272c6be290817bf9cb8b401425fd83d5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 681472 d8a0611d638e0553da64a218fbcf291a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 857318 6946048170dd7d142c03c13794c30d6f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 34496 3e3674a714f780024630ad1a2ca46eab ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 1106480 03e08564e2bf843905daecdd7c5cc4c4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 874222 ed9ab6fa068a5b07c22ec1c10db8e0ab http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 1080186 defc5f4f9eb80872a793cc025e33a111 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 48492 5a567323dc0bf8159a6eae87957266d5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 196536 cdbb137c8bb31cf29114673c4cb28e67 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 34418 4a05346cb2fc6c314e7e8aef21662469 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 171678 c94bfffc6bde639623ce9a91028960e5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 926922 ddc8ff03120dd78869830d38a5e8708d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 840642 57f2ea24a31904c4b07531f6292a4a8e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 770246 20ba2586e1406d66bd34642f13265dcf mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 34398 9f0ebfb1dc37496e6b7a4e9963ffaeff http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 898346 29680d5d5baa66e251e71f55aa128e3c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 768976 8f6464a0ef61b3ddcd271652a01c7469 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 833252 5c83c05d44526479e7c550fd0d8cbdbe http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 168690 eb56cb1ea49795d0a5a18af468625941 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 898010 c3d61392afcb383d0f27d5f91fda721d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 770994 94ef895f8942b880e8823e10420120e6 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 172726 5d097f0290be2bab9b93287bad07e83f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 37660 e977bc38e837077de7a006ef923b98bd http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 779958 ad7245f8a9980d7f40234aefaf12a31b s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 185726 91661276ed6cf371373b4e61805c81b8 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 885618 218f2603ab94bf92ba45cd330fe15782 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 806024 3abe21a0d756e5a0a2ca646f0ba32729 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 36378 cbc5eb7e2f81adafeba8e857aee8c918 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 750190 4172cb95d7aea2f9ee9331220cd5274c sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 781522 c20ea9c8ab0ec798488e68c845650036 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 713144 e0139b86fbf9644678c2c6de6462bff1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 759568 7d46f7ceb214711851cc1f27edef2c48 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 34580 fceb65808b2c98f621d79352eea9d2d5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 176874 f27821fe07861f2e71658bc3eb0a595e These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD4DBQFI9N2RwM/Gs81MDZ0RAqP7AJYxbWnJqF4zauFOietE80FTYW02AKDCOBt2 wvZ3MJ4FZeRn990jpLrh1A== =FZQi -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2008-3529 // JVNDB: JVNDB-2008-001702 // BID: 31126 // VULHUB: VHN-33654 // VULMON: CVE-2008-3529 // PACKETSTORM: 72532 // PACKETSTORM: 80275 // PACKETSTORM: 69917 // PACKETSTORM: 70915

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	4.0	Trust: 1.8
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 1.3
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.7	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	7.10	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	3.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	9.04	Trust: 1.0
vendor:	apple	model:	safari	scope:	gte	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.5.7	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.10	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	3.2.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	6.06	Trust: 1.0
vendor:	xmlsoft	model:	libxml2	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	7.04	Trust: 1.0
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.16	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.14	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.13	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.11	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.9	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.6	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.8	Trust: 0.9
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.7.0 before	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5 to v10.5.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.7	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5 to v10.5.6	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.7	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	1.0 to 2.2.1	Trust: 0.8
vendor:	apple	model:	ios for ipod touch	scope:	eq	version:	1.1 to 2.2.1	Trust: 0.8
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 0.8
vendor:	oracle	model:	solaris	scope:	eq	version:	9	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	sun microsystems	model:	opensolaris	scope:	eq	version:	(sparc)	Trust: 0.8
vendor:	sun microsystems	model:	opensolaris	scope:	eq	version:	(x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (x86)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	linux advanced workstation	scope:	eq	version:	2.1	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.7	Trust: 0.6
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.4.30	Trust: 0.6
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.17	Trust: 0.6
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.31	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.30	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.26	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.15	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.12	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.8	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.7	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.5	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.4	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.3	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.6.0	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.11	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.10	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.4	Trust: 0.3
vendor:	xmlsoft	model:	libxml2	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	xerox	model:	freeflow print server 73.c0.41	scope:	-	version:	-	Trust: 0.3
vendor:	xerox	model:	freeflow print server 73.b3.61	scope:	-	version:	-	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 9 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 10 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 10 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 99	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 96	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 95	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 92	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 91	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 90	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 89	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 88	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 87	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 85	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 84	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 83	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 82	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 80	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 78	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 77	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 76	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 68	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 67	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 64	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 61	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 59	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 57	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 50	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 39	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 36	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 29	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 22	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 19	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 13	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 100	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 02	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 01	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	management center	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	sun	model:	management center	scope:	eq	version:	4.0	Trust: 0.3
vendor:	sun	model:	management center	scope:	eq	version:	3.6	Trust: 0.3
vendor:	sun	model:	java system access manager policy agent	scope:	eq	version:	2.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	2	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	rpath	model:	appliance platform linux service	scope:	eq	version:	2	Trust: 0.3
vendor:	rpath	model:	appliance platform linux service	scope:	eq	version:	1	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	nortel	model:	networks self-service peri workstation	scope:	eq	version:	0	Trust: 0.3
vendor:	nortel	model:	networks self-service peri application	scope:	eq	version:	0	Trust: 0.3
vendor:	nortel	model:	networks self-service mps	scope:	eq	version:	10000	Trust: 0.3
vendor:	nortel	model:	networks self-service ccss7	scope:	eq	version:	-0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.1	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	meeting exchange enterprise edition	scope:	eq	version:	-	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.0.0.52	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	emmc	scope:	eq	version:	1.021	Trust: 0.3
vendor:	avaya	model:	emmc	scope:	eq	version:	1.017	Trust: 0.3
vendor:	avaya	model:	emmc	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	communication manager sp1	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	avaya	model:	communication manager sp2	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	communication manager sp3	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	13.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	15.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	14.1	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	14.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	13.1	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	4	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	ne	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	ne	version:	3.0	Trust: 0.3

sources: BID: 31126 // JVNDB: JVNDB-2008-001702 // CNNVD: CNNVD-200809-180 // NVD: CVE-2008-3529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3529
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-3529
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200809-180
value:	HIGH
Trust: 0.6
VULHUB:	VHN-33654
value:	HIGH
Trust: 0.1
VULMON:	CVE-2008-3529
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-3529
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-33654
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33654 // VULMON: CVE-2008-3529 // JVNDB: JVNDB-2008-001702 // CNNVD: CNNVD-200809-180 // NVD: CVE-2008-3529

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-33654 // JVNDB: JVNDB-2008-001702 // NVD: CVE-2008-3529

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 80275 // CNNVD: CNNVD-200809-180

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200809-180

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001702

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-33654 // VULMON: CVE-2008-3529

PATCH

title:	HT3639	url:	http://support.apple.com/kb/HT3639	Trust: 0.8
title:	HT3613	url:	http://support.apple.com/kb/HT3613	Trust: 0.8
title:	HT3549	url:	http://support.apple.com/kb/HT3549	Trust: 0.8
title:	HT3639	url:	http://support.apple.com/kb/HT3639?viewlocale=ja_JP	Trust: 0.8
title:	HT3613	url:	http://support.apple.com/kb/HT3613?viewlocale=ja_JP	Trust: 0.8
title:	HT3549	url:	http://support.apple.com/kb/HT3549?viewlocale=ja_JP	Trust: 0.8
title:	libxml2-2.6.26-2.1.2.6.1AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=348	Trust: 0.8
title:	1315	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1315	Trust: 0.8
title:	1344	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1344	Trust: 0.8
title:	RHSA-2008:0884	url:	https://rhn.redhat.com/errata/RHSA-2008-0884.html	Trust: 0.8
title:	RHSA-2008:0886	url:	https://rhn.redhat.com/errata/RHSA-2008-0886.html	Trust: 0.8
title:	CVE-2008-3529 Buffer overflow vulnerability in libxml2	url:	https://blogs.oracle.com/sunsecurity/entry/cve_2008_3529_buffer_overflow	Trust: 0.8
title:	247346	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-247346-1	Trust: 0.8
title:	2.7.1: Sep 1 2008	url:	http://xmlsoft.org/news.html	Trust: 0.8
title:	RHSA-2008:0884	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0884J.html	Trust: 0.8
title:	RHSA-2008:0886	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0886J.html	Trust: 0.8
title:	Debian CVElist Bug Report Logs: libxml2: does not correctly handle long entity names (CVE-2008-3529)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ed42fcb753aa36b8c706df356b4944fb	Trust: 0.1
title:	Ubuntu Security Notice: libxml2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-644-1	Trust: 0.1
title:	Ubuntu Security Notice: libxml2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-815-1	Trust: 0.1
title:	VMware Security Advisories: Updated ESX packages for libxml2, ucd-snmp, libtiff	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=4b3f89e87c3a2b8f6ca491f31d73afa9	Trust: 0.1

sources: VULMON: CVE-2008-3529 // JVNDB: JVNDB-2008-001702

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3529	Trust: 3.3
db:	BID	id:	31126	Trust: 2.9
db:	SECUNIA	id:	31868	Trust: 2.6
db:	SECUNIA	id:	31860	Trust: 2.6
db:	SECTRACK	id:	1020855	Trust: 2.5
db:	SECUNIA	id:	31982	Trust: 1.8
db:	SECUNIA	id:	36173	Trust: 1.8
db:	SECUNIA	id:	32280	Trust: 1.8
db:	SECUNIA	id:	31558	Trust: 1.8
db:	SECUNIA	id:	32265	Trust: 1.8
db:	SECUNIA	id:	35074	Trust: 1.8
db:	SECUNIA	id:	31855	Trust: 1.8
db:	SECUNIA	id:	32807	Trust: 1.8
db:	SECUNIA	id:	33715	Trust: 1.8
db:	SECUNIA	id:	33722	Trust: 1.8
db:	SECUNIA	id:	35379	Trust: 1.8
db:	SECUNIA	id:	36235	Trust: 1.8
db:	SECUNIA	id:	35056	Trust: 1.8
db:	SECUNIA	id:	32974	Trust: 1.8
db:	USCERT	id:	TA09-133A	Trust: 1.8
db:	VUPEN	id:	ADV-2009-1297	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1522	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1621	Trust: 1.7
db:	VUPEN	id:	ADV-2008-2822	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1298	Trust: 1.7
db:	EXPLOIT-DB	id:	8798	Trust: 1.7
db:	XF	id:	45085	Trust: 0.8
db:	VUPEN	id:	ADV-2008-2419	Trust: 0.8
db:	JVNDB	id:	JVNDB-2008-001702	Trust: 0.8
db:	CNNVD	id:	CNNVD-200809-180	Trust: 0.6
db:	PACKETSTORM	id:	80275	Trust: 0.2
db:	PACKETSTORM	id:	70915	Trust: 0.2
db:	PACKETSTORM	id:	77817	Trust: 0.1
db:	PACKETSTORM	id:	78575	Trust: 0.1
db:	VULHUB	id:	VHN-33654	Trust: 0.1
db:	VUPEN	id:	2009/1297	Trust: 0.1
db:	VUPEN	id:	2008/2822	Trust: 0.1
db:	VUPEN	id:	2009/1298	Trust: 0.1
db:	VUPEN	id:	2009/1522	Trust: 0.1
db:	VUPEN	id:	2009/1621	Trust: 0.1
db:	EXPLOITDB	id:	8798	Trust: 0.1
db:	VULMON	id:	CVE-2008-3529	Trust: 0.1
db:	PACKETSTORM	id:	72532	Trust: 0.1
db:	PACKETSTORM	id:	69917	Trust: 0.1

sources: VULHUB: VHN-33654 // VULMON: CVE-2008-3529 // BID: 31126 // JVNDB: JVNDB-2008-001702 // PACKETSTORM: 72532 // PACKETSTORM: 80275 // PACKETSTORM: 69917 // PACKETSTORM: 70915 // CNNVD: CNNVD-200809-180 // NVD: CVE-2008-3529

REFERENCES

url:	http://securitytracker.com/id?1020855	Trust: 2.6
url:	http://www.securityfocus.com/bid/31126	Trust: 2.6
url:	http://secunia.com/advisories/31860	Trust: 2.6
url:	http://secunia.com/advisories/31868	Trust: 2.6
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1	Trust: 2.1
url:	http://support.avaya.com/elmodocs2/security/asa-2008-400.htm	Trust: 2.1
url:	http://support.avaya.com/elmodocs2/security/asa-2009-025.htm	Trust: 2.1
url:	http://security.gentoo.org/glsa/glsa-200812-06.xml	Trust: 1.9
url:	https://usn.ubuntu.com/644-1/	Trust: 1.9
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1	Trust: 1.8
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1	Trust: 1.8
url:	http://secunia.com/advisories/31558	Trust: 1.8
url:	http://secunia.com/advisories/31855	Trust: 1.8
url:	http://secunia.com/advisories/31982	Trust: 1.8
url:	http://secunia.com/advisories/32265	Trust: 1.8
url:	http://secunia.com/advisories/32280	Trust: 1.8
url:	http://secunia.com/advisories/32807	Trust: 1.8
url:	http://secunia.com/advisories/32974	Trust: 1.8
url:	http://secunia.com/advisories/33715	Trust: 1.8
url:	http://secunia.com/advisories/33722	Trust: 1.8
url:	http://secunia.com/advisories/35056	Trust: 1.8
url:	http://secunia.com/advisories/35074	Trust: 1.8
url:	http://secunia.com/advisories/35379	Trust: 1.8
url:	http://secunia.com/advisories/36173	Trust: 1.8
url:	http://secunia.com/advisories/36235	Trust: 1.8
url:	https://www.exploit-db.com/exploits/8798	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2008/2822	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2009/1297	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2009/1298	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2009/1522	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2009/1621	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2009/may/msg00000.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html	Trust: 1.8
url:	http://www.debian.org/security/2008/dsa-1654	Trust: 1.8
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2008:192	Trust: 1.8
url:	http://www.redhat.com/support/errata/rhsa-2008-0884.html	Trust: 1.8
url:	http://www.redhat.com/support/errata/rhsa-2008-0886.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html	Trust: 1.8
url:	http://www.us-cert.gov/cas/techalerts/ta09-133a.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-815-1	Trust: 1.8
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1	Trust: 1.8
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1	Trust: 1.8
url:	http://support.apple.com/kb/ht3549	Trust: 1.8
url:	http://support.apple.com/kb/ht3550	Trust: 1.8
url:	http://support.apple.com/kb/ht3613	Trust: 1.8
url:	http://support.apple.com/kb/ht3639	Trust: 1.8
url:	http://wiki.rpath.com/advisories:rpsa-2008-0325	Trust: 1.8
url:	http://xmlsoft.org/news.html	Trust: 1.8
url:	https://bugzilla.redhat.com/show_bug.cgi?id=461015	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/45085	Trust: 1.8
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11760	Trust: 1.8
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6103	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3529	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/45085	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3529	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2008/2419	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2008-3529	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2008:0886	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2008:0884	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3529	Trust: 0.4
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266428-1	Trust: 0.3
url:	http://www.xmlsoft.org/	Trust: 0.3
url:	http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=834296	Trust: 0.3
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-247346-1	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3281	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3281	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498768	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=16643	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/8798/	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-4225	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4225	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4226	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-4409	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-4226	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4409	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.24.dfsg-1ubuntu1.5_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_amd64.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_amd64.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.24.dfsg-1ubuntu1.5_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_lpia.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_powerpc.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_powerpc.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_lpia.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python2.4-libxml2_2.6.24.dfsg-1ubuntu1.5_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_powerpc.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.24.dfsg-1ubuntu1.5_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-4ubuntu1.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_i386.udeb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2414	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_lpia.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-4ubuntu1.2_sparc.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.24.dfsg-1ubuntu1.5_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_sparc.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5ubuntu4.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.24.dfsg-1ubuntu1.5_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2416	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5ubuntu4.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_i386.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_amd64.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.31.dfsg-2ubuntu1.4_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-udeb_2.6.31.dfsg-2ubuntu1.4_i386.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-udeb_2.6.32.dfsg-5ubuntu4.2_sparc.udeb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5ubuntu4.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-4ubuntu1.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.24.dfsg-1ubuntu1.5_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-4ubuntu1.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2_2.6.32.dfsg-4ubuntu1.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/python-libxml2-dbg_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.31.dfsg.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.31.dfsg-2ubuntu1.4_amd64.deb	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_ia64.deb	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_sparc.deb	Trust: 0.1
url:	http://security.debian.org/	Trust: 0.1
url:	http://packages.debian.org/<pkg>	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mipsel.deb	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb	Trust: 0.1

CREDITS

Andreas Solberg

Trust: 0.6

sources: CNNVD: CNNVD-200809-180

SOURCES

db:	VULHUB	id:	VHN-33654
db:	VULMON	id:	CVE-2008-3529
db:	BID	id:	31126
db:	JVNDB	id:	JVNDB-2008-001702
db:	PACKETSTORM	id:	72532
db:	PACKETSTORM	id:	80275
db:	PACKETSTORM	id:	69917
db:	PACKETSTORM	id:	70915
db:	CNNVD	id:	CNNVD-200809-180
db:	NVD	id:	CVE-2008-3529

LAST UPDATE DATE

2024-11-22T21:02:33.011000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33654	date:	2023-02-13T00:00:00
db:	VULMON	id:	CVE-2008-3529	date:	2021-11-08T00:00:00
db:	BID	id:	31126	date:	2013-03-05T18:04:00
db:	JVNDB	id:	JVNDB-2008-001702	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200809-180	date:	2023-05-05T00:00:00
db:	NVD	id:	CVE-2008-3529	date:	2023-02-13T02:19:25.937

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33654	date:	2008-09-12T00:00:00
db:	VULMON	id:	CVE-2008-3529	date:	2008-09-12T00:00:00
db:	BID	id:	31126	date:	2008-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2008-001702	date:	2008-10-03T00:00:00
db:	PACKETSTORM	id:	72532	date:	2008-12-02T19:43:58
db:	PACKETSTORM	id:	80275	date:	2009-08-11T22:46:51
db:	PACKETSTORM	id:	69917	date:	2008-09-12T20:19:07
db:	PACKETSTORM	id:	70915	date:	2008-10-14T20:43:05
db:	CNNVD	id:	CNNVD-200809-180	date:	2008-09-12T00:00:00
db:	NVD	id:	CVE-2008-3529	date:	2008-09-12T16:56:20.493