thr3ads.net - Secure testing team - [Secure-testing-team] Bug#607922: CVE-2010-4494: memory corruption (double-free) in XPath processing code [Dec 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Dec-24 12:17 UTC

[Secure-testing-team] Bug#607922: CVE-2010-4494: memory corruption (double-free) in XPath processing code

Package: libxml2
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.

CVE-2010-4494[0]:
| Double free vulnerability in Google Chrome before 8.0.552.215 allows
| remote attackers to cause a denial of service or possibly have
| unspecified other impact via vectors related to XPath handling.


Patch:
http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
      
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
    http://security-tracker.debian.org/tracker/CVE-2010-4494
    http://code.google.com/p/chromium/issues/detail?id=63444

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0Ujz4ACgkQNxpp46476aolzACfaHIcOhuivzJBkMyY7RJnx2eF
lsEAnRb/JFF6MetVtL68wbKMWpZAMWP1
=cbLo
-----END PGP SIGNATURE-----

Secure testing team - Dec 2010 - Bug#607922: CVE-2010-4494: memory corruption (double-free) in XPath processing code

[Secure-testing-team] Bug#607922: CVE-2010-4494: memory corruption (double-free) in XPath processing code