Mandriva Update For Libxml2 MDVSA-2008:212 (libxml2) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

libxml2 version 2.7.0 and 2.7.1 did not properly handle predefined entities definitions in entities, which allowed context-dependent attackers to cause a denial of service (memory consumption and application crash) via certain XML documents (CVE-2008-4409). The updated packages have been patched to prevent this issue.

Affected

libxml2 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-4409

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)

Mandriva Update for libxml2 MDVSA-2008:212 (libxml2)

Take action and discover your vulnerabilities