thr3ads.net - Secure testing team - [Secure-testing-team] Bug#643648: CVE-2011-2834 and CVE-2011-2821 [Sep 2011]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2011-Sep-28 10:54 UTC

[Secure-testing-team] Bug#643648: CVE-2011-2834 and CVE-2011-2821

Package: libxml2
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

two libxml2 issues were fixed in the latest chrome updates:

CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6


CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.

Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359


Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6C/OYACgkQNxpp46476apt2ACdHKTvWjo4WoxEWsVD6Z7a9elU
AFgAn2ml9iJvUDCXczdrJcVH1PIknJFT
=EMJW
-----END PGP SIGNATURE-----

Secure testing team - Sep 2011 - Bug#643648: CVE-2011-2834 and CVE-2011-2821

[Secure-testing-team] Bug#643648: CVE-2011-2834 and CVE-2011-2821