1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
PublicDateAtUSN: 2009-08-11
Candidate: CVE-2009-2416
PublicDate: 2009-08-11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
http://www.ubuntu.com/usn/usn-815-1
Description:
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to
cause a denial of service (application crash) via crafted (1) Notation or
(2) Enumeration attribute types in an XML file, as demonstrated by the
Codenomicon XML fuzzing framework.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: kees
Patches_libxml2:
upstream_libxml2: released (2.7.3.dfsg-2.1)
dapper_libxml2: released (2.6.24.dfsg-1ubuntu1.5)
hardy_libxml2: released (2.6.31.dfsg-2ubuntu1.4)
intrepid_libxml2: released (2.6.32.dfsg-4ubuntu1.2)
jaunty_libxml2: released (2.6.32.dfsg-5ubuntu4.2)
karmic_libxml2: not-affected
lucid_libxml2: not-affected
devel_libxml2: not-affected
Patches_libxml:
upstream_libxml: needs-triage
dapper_libxml: ignored (reached end-of-life)
hardy_libxml: released (1:1.8.17-14.1ubuntu0.1)
intrepid_libxml: DNE
jaunty_libxml: DNE
karmic_libxml: DNE
lucid_libxml: DNE
devel_libxml: DNE
|