Debian Security Advisory DSA 2137-1 (libxml2) Network Vulnerability

Summary

The remote host is missing an update to libxml2 announced via advisory DSA 2137-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202137-1

Insight

Yang Dingning discovered a double free in libxml's Xpath processing, which might allow the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-2. We recommend that you upgrade your libxml2 packages.

Severity

Classification

CVE CVE-2010-4494

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1015-1 (sendmail)
Debian Security Advisory DSA 089-1 (icecast-server)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 095-1 (gpm)
Debian Security Advisory DSA 073-1 (imp)

Take action and discover your vulnerabilities