Lucene search
RedHatRHSA-2004:090HistoryFeb 26, 2004 - 12:00 a.m.
(RHSA-2004:090) libxml2 security update
2004-02-2600:00:00
access.redhat.com
16
0.677 Medium
EPSS
Percentile
98.0%
libxml2 is a library for manipulating XML files.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110
to this issue.
All users are advised to upgrade to these updated packages, which contain a
backported fix and are not vulnerable to this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | libxml2-python | < 2.5.10-6 | libxml2-python-2.5.10-6.ia64.rpm |
| RedHat | any | ppc | libxml2 | < 2.5.10-6 | libxml2-2.5.10-6.ppc.rpm |
| RedHat | any | x86_64 | libxml2-python | < 2.5.10-6 | libxml2-python-2.5.10-6.x86_64.rpm |
| RedHat | any | ppc | libxml2-devel | < 2.5.10-6 | libxml2-devel-2.5.10-6.ppc.rpm |
| RedHat | any | ia64 | libxml2-python | < 2.4.19-5.ent | libxml2-python-2.4.19-5.ent.ia64.rpm |
| RedHat | any | s390 | libxml2 | < 2.5.10-6 | libxml2-2.5.10-6.s390.rpm |
| RedHat | any | s390 | libxml2-devel | < 2.5.10-6 | libxml2-devel-2.5.10-6.s390.rpm |
| RedHat | any | s390x | libxml2-devel | < 2.5.10-6 | libxml2-devel-2.5.10-6.s390x.rpm |
| RedHat | any | i386 | libxml2-devel | < 2.4.19-5.ent | libxml2-devel-2.4.19-5.ent.i386.rpm |
| RedHat | any | s390x | libxml2-python | < 2.5.10-6 | libxml2-python-2.5.10-6.s390x.rpm |
Related
openvas
openvas
SLES9: Security update for libxml2
2009-10-10 00:00:00
Debian Security Advisory DSA 455-1 (libxml, libxml2)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200403-01 (libxml)
2008-09-24 00:00:00
osv
osv
libxml - buffer overflows
2004-03-03 00:00:00
nessus
nessus
SuSE9 Security Update : libxml2 (YOU Patch Number 9581)
2009-09-24 00:00:00
FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
2009-04-23 00:00:00
GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities
2004-08-30 00:00:00
freebsd
freebsd
libxml2 stack buffer overflow in URI parsing
2004-02-08 00:00:00
nvd
nvd
CVE-2004-0110
2004-03-15 05:00:00
debiancve
debiancve
CVE-2004-0110
2004-03-15 05:00:00
cvelist
cvelist
CVE-2004-0110
2004-03-04 05:00:00
gentoo
gentoo
Libxml2 URI Parsing Buffer Overflow Vulnerabilities
2004-03-05 00:00:00
securityvulns
securityvulns
ubuntucve
ubuntucve
CVE-2004-0110
2004-03-15 00:00:00
debian
debian
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 10:22:56
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 10:22:56
cve
cve
CVE-2004-0110
2004-03-15 05:00:00
centos
centos
libxml security update
2005-05-27 13:28:28
cert
cert
Libxml2 URI parsing errors in nanohttp and nanoftp
2004-03-09 00:00:00
redhat
redhat
(RHSA-2004:650) libxml security update
2004-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: libxml-1.8.17-24.fc11
2009-08-15 08:18:18
[SECURITY] Fedora 10 Update: libxml-1.8.17-24.fc10
2009-08-15 08:20:49