Oval Definition: oval:com.redhat.rhsa:def:20091206
Revision Date: 2009-08-10
Version: 649
Title: RHSA-2009:1206: libxml and libxml2 security update (Moderate)
Description: libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.

  • A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414)

  • Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.

Family: unix
Class: patch
Status:
Reference(s): CVE-2009-2414, CVE-2009-2416, RHSA-2009:1206, RHSA-2009:1206-01
Platform(s): Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 3 is installed
      • AND
          • libxml is earlier than 1:1.8.17-9.3 AND libxml is signed with Red Hat master key
          • libxml-devel is earlier than 1:1.8.17-9.3 AND libxml-devel is signed with Red Hat master key
          • libxml2 is earlier than 0:2.5.10-15 AND libxml2 is signed with Red Hat master key
          • libxml2-python is earlier than 0:2.5.10-15 AND libxml2-python is signed with Red Hat master key
          • libxml2-devel is earlier than 0:2.5.10-15 AND libxml2-devel is signed with Red Hat master key
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND
          • libxml2 is earlier than 0:2.6.16-12.7 AND libxml2 is signed with Red Hat master key
          • libxml2-python is earlier than 0:2.6.16-12.7 AND libxml2-python is signed with Red Hat master key
          • libxml2-devel is earlier than 0:2.6.16-12.7 AND libxml2-devel is signed with Red Hat master key
  • OR Package Information
      • Red Hat Enterprise Linux 5 is installed
      • AND
          • libxml2 is earlier than 0:2.6.26-2.1.2.8 AND libxml2 is signed with Red Hat redhatrelease key
          • libxml2-devel is earlier than 0:2.6.26-2.1.2.8 AND libxml2-devel is signed with Red Hat redhatrelease key
          • libxml2-python is earlier than 0:2.6.26-2.1.2.8 AND libxml2-python is signed with Red Hat redhatrelease key

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND
          • libxml2 is earlier than 0:2.6.16-12.7 AND libxml2 is signed with Red Hat redhatrelease2 key
          • libxml2-devel is earlier than 0:2.6.16-12.7 AND libxml2-devel is signed with Red Hat redhatrelease2 key
          • libxml2-python is earlier than 0:2.6.16-12.7 AND libxml2-python is signed with Red Hat redhatrelease2 key
  • OR Package Information
      • Red Hat Enterprise Linux 5 is installed
      • AND
          • libxml2 is earlier than 0:2.6.26-2.1.2.8 AND libxml2 is signed with Red Hat redhatrelease2 key
          • libxml2-devel is earlier than 0:2.6.26-2.1.2.8 AND libxml2-devel is signed with Red Hat redhatrelease2 key
          • libxml2-python is earlier than 0:2.6.26-2.1.2.8 AND libxml2-python is signed with Red Hat redhatrelease2 key