thr3ads.net - Secure testing team - [Secure-testing-team] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH [Nov 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Giuseppe Iuculano

2010-Nov-06 13:22 UTC

[Secure-testing-team] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH

Package: libxml2
Version: 2.7.7.dfsg-4
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

it was discovered that libxml2 does not well process a malformed XPATH,
causing crash and allowing arbitrary code execution.

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzVVoYACgkQNxpp46476arbpwCeK9pEIv7u4PC+3YAfUO67eADI
Ls0An045V3eap6+bhfM88as/0hq+tEqw
=ymuH
-----END PGP SIGNATURE-----

Secure testing team - Nov 2010 - Bug#602609: CVE-2010-4008: does not well process a malformed XPATH

[Secure-testing-team] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH