oss-security - Re: Re: libxml2 denial of service flaw (CVE-2008-3281)

Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Mon, 25 Aug 2008 10:50:41 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: Tomas Hoger <thoger@...hat.com>
Cc: oss-security@...ts.openwall.com, vendor-sec@....de
Subject: Re: Re: libxml2 denial of service flaw
	(CVE-2008-3281)

* [2008-08-25 18:11:36 +0200] Tomas Hoger wrote:

>> Does anyone know if this affects anything other than librsvg?  If so,
>> the patch approach to fixing libxml2 would be better.  I've just
>> started looking into this today, so I'm not quite up to speed on
>> this, but it looks like there are problems with the gnome menus as
>> well.
>
>librsvg and strigi are known to be affected, according to the Debian
>bug.  Rebuild against new libxml2 should do the trick, if that's the
>way you can go.

If nothing else may crop up later, then that would be acceptable, but I
wouldn't want something to bite back later.

>> Has anyone tried this new patch?
>
>Being tested now.

Ok, nice.  I'll probably be grabbing the patches from your bugzilla as
well to test myself since quite a few users are (rightfully so)
complaining.

-- 
Vincent Danen @ http://linsec.ca/

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.