BID:9718

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

Info

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

Bugtraq ID:	9718
Class:	Boundary Condition Error
CVE:	CVE-2004-0110
Remote:	Yes
Local:	No
Published:	Feb 12 2004 12:00AM
Updated:	Apr 13 2015 10:11PM
Credit:	Discovery of this issue is credited to Yuuichi Teranishi.
Vulnerable:	XMLSoft Libxml2 2.6.5 XMLSoft Libxml2 2.6.4 XMLSoft Libxml2 2.6.3 XMLSoft Libxml2 2.6.2 XMLSoft Libxml2 2.6.1 XMLSoft Libxml2 2.6 .0 XMLSoft Libxml2 2.5.11 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 XMLSoft Libxml2 2.5.10 + Trustix Secure Linux 2.0 XMLSoft Libxml2 2.5.8 XMLSoft Libxml2 2.5.4 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 XMLSoft Libxml2 2.5.1 XMLSoft Libxml2 2.4.23 + Conectiva Linux Enterprise Edition 1.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 XMLSoft Libxml2 2.4.19 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha XMLSoft Libxml2 2.4.12 XMLSoft Libxml 1.8.17 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE SUSE Linux Enterprise Server 7 + Linux kernel 2.4.19 SuSE Linux Desktop 1.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 SGI ProPack 3.0 SGI ProPack 2.4 SGI ProPack 2.3 SGI Advanced Linux Environment 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Apple Mac OS X Server 10.3.3 Apple Mac OS X 10.3.3

Not Vulnerable:	XMLSoft Libxml2 2.6.6

Discussion

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

A remotely exploitable buffer-overrun vulnerability has been reported in libxml2. This issue is caused by insufficient bounds checking in the URI parsing code in the 'nanohttp' and 'nanoftp' modules.

Attackers may exploit this issue to execute arbitrary code.

Exploit / POC

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

Solution:
This issue has been addressed in libxml2 2.6.6.

XMLSoft Libxml 1.8.17

Debian libxml-dev_1.8.17-2woody1_alpha.deb
Debian GNU/Linux 3.0 Alpha
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_alpha.deb

Debian libxml-dev_1.8.17-2woody1_arm.deb
Debian GNU/Linux 3.0 ARM
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_arm.deb

Debian libxml-dev_1.8.17-2woody1_hppa.deb
Debian GNU/Linux 3.0 HP Precision
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_hppa.deb

Debian libxml-dev_1.8.17-2woody1_i386.deb
Debian GNU/Linux 3.0 Intel IA-32
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_i386.deb

Debian libxml-dev_1.8.17-2woody1_ia64.deb
Debian GNU/Linux 3.0 Intel IA-64
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_ia64.deb

Debian libxml-dev_1.8.17-2woody1_m68k.deb
Debian GNU/Linux 3.0 Motorola 680x0
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_m68k.deb

Debian libxml-dev_1.8.17-2woody1_mips.deb
Debian GNU/Linux 3.0 Big endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_mips.deb

Debian libxml-dev_1.8.17-2woody1_mipsel.deb
Debian GNU/Linux 3.0 Little endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_mipsel.deb

Debian libxml-dev_1.8.17-2woody1_powerpc.deb
Debian GNU/Linux 3.0 PowerPC
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_powerpc.deb

Debian libxml-dev_1.8.17-2woody1_s390.deb
Debian GNU/Linux 3.0 IBM S/390
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_s390.deb

Debian libxml-dev_1.8.17-2woody1_sparc.deb
Debian GNU/Linux 3.0 Sun Sparc
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1. 8.17-2woody1_sparc.deb

Debian libxml1_1.8.17-2woody1_alpha.deb
Debian GNU/Linux 3.0 Alpha
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_alpha.deb

Debian libxml1_1.8.17-2woody1_arm.deb
Debian GNU/Linux 3.0 ARM
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_arm.deb

Debian libxml1_1.8.17-2woody1_hppa.deb
Debian GNU/Linux 3.0 HP Precision
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_hppa.deb

Debian libxml1_1.8.17-2woody1_i386.deb
Debian GNU/Linux 3.0 Intel IA-32
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_i386.deb

Debian libxml1_1.8.17-2woody1_ia64.deb
Debian GNU/Linux 3.0 Intel IA-64
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_ia64.deb

Debian libxml1_1.8.17-2woody1_m68k.deb
Debian GNU/Linux 3.0 Motorola 680x0
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_m68k.deb

Debian libxml1_1.8.17-2woody1_mips.deb
Debian GNU/Linux 3.0 Big endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_mips.deb

Debian libxml1_1.8.17-2woody1_mipsel.deb
Debian GNU/Linux 3.0 Little endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_mipsel.deb

Debian libxml1_1.8.17-2woody1_powerpc.deb
Debian GNU/Linux 3.0 PowerPC
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_powerpc.deb

Debian libxml1_1.8.17-2woody1_s390.deb
Debian GNU/Linux 3.0 IBM S/390
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_s390.deb

Debian libxml1_1.8.17-2woody1_sparc.deb
Debian GNU/Linux 3.0 Sun Sparc
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.1 7-2woody1_sparc.deb

SuSE libxml-1.8.17-366.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libxml-1.8.17-366 .4.i586.rpm

SuSE libxml-1.8.17-366.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libxml-1.8.17 -366.4.x86_64.rpm

SuSE libxml-1.8.17-369.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libxml-1.8.17-369 .2.i586.rpm

SuSE libxml-1.8.17-369.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libxml-1.8.17 -369.2.x86_64.rpm

SuSE libxml-1.8.17-371.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml-1.8.17-371 .i586.rpm

SuSE libxml-1.8.17-372.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml-1.8.17-372 .i586.rpm

SuSE libxml-1.8.17-372.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libxml-1.8.17 -372.x86_64.rpm

SuSE libxml-32bit-9.2-200412202043.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libxml-32bit- 9.2-200412202043.x86_64.rpm

SuSE libxml-devel-1.8.17-366.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libxml-devel-1.8. 17-366.4.i586.rpm

SuSE libxml-devel-1.8.17-366.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libxml-devel- 1.8.17-366.4.x86_64.rpm

SuSE libxml-devel-1.8.17-369.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libxml-devel-1.8. 17-369.2.i586.rpm

SuSE libxml-devel-1.8.17-369.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libxml-devel- 1.8.17-369.2.x86_64.rpm

SuSE libxml-devel-1.8.17-371.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml-devel-1.8. 17-371.i586.rpm

SuSE libxml-devel-1.8.17-372.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml-devel-1.8. 17-372.i586.rpm

SuSE libxml-devel-1.8.17-372.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libxml-devel- 1.8.17-372.x86_64.rpm

Turbolinux Turbolinux Desktop 10.0

Turbolinux libxml2-2.5.11-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/upd ates/RPMS/libxml2-2.5.11-2.i586.rpm

Turbolinux libxml2-devel-2.5.11-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/upd ates/RPMS/libxml2-devel-2.5.11-2.i586.rpm

Apple Mac OS X 10.3.3

Apple SecUpd2004-04-05Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=03993&plat form=osx&method=sa/SecUpd2004-04-05Pan.dmg

Apple Mac OS X Server 10.3.3

Apple SecUpd2004-04-05Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=03993&plat form=osx&method=sa/SecUpd2004-04-05Pan.dmg

SGI ProPack 2.3

SGI patch10056.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0056.tar.gz

SGI ProPack 2.4

SGI patch10056.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0056.tar.gz

XMLSoft Libxml2 2.4.12

Conectiva libxml2-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-2.4.12-3U80_1cl.i38 6.rpm

Conectiva libxml2-devel-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-devel-2.4.12-3U80_1 cl.i386.rpm

Conectiva libxml2-devel-static-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-devel-static-2.4.12 -3U80_1cl.i386.rpm

Conectiva libxml2-doc-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-doc-2.4.12-3U80_1cl .i386.rpm

XMLSoft Libxml2 2.4.19

Debian libxml2-dev_2.4.19-4woody1_alpha.deb
Debian GNU/Linux 3.0 Alpha
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_alpha.deb

Debian libxml2-dev_2.4.19-4woody1_arm.deb
Debian GNU/Linux 3.0 ARM
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_arm.deb

Debian libxml2-dev_2.4.19-4woody1_hppa.deb
Debian GNU/Linux 3.0 HP Precision
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_hppa.deb

Debian libxml2-dev_2.4.19-4woody1_i386.deb
Debian GNU/Linux 3.0 Intel IA-32
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_i386.deb

Debian libxml2-dev_2.4.19-4woody1_ia64.deb
Debian GNU/Linux 3.0 Intel IA-64
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_ia64.deb

Debian libxml2-dev_2.4.19-4woody1_m68k.deb
Debian GNU/Linux 3.0 Motorola 680x0
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_m68k.deb

Debian libxml2-dev_2.4.19-4woody1_mips.deb
Debian GNU/Linux 3.0 Big endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_mips.deb

Debian libxml2-dev_2.4.19-4woody1_mipsel.deb
Debian GNU/Linux 3.0 Little endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_mipsel.deb

Debian libxml2-dev_2.4.19-4woody1_powerpc.deb
Debian GNU/Linux 3.0 PowerPC
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_powerpc.deb

Debian libxml2-dev_2.4.19-4woody1_s390.deb
Debian GNU/Linux 3.0 IBM S/390
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_s390.deb

Debian libxml2-dev_2.4.19-4woody1_sparc.deb
Debian GNU/Linux 3.0 Sun Sparc
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_ 2.4.19-4woody1_sparc.deb

Debian libxml2_2.4.19-4woody1_alpha.deb
Debian GNU/Linux 3.0 Alpha
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_alpha.deb

Debian libxml2_2.4.19-4woody1_arm.deb
Debian GNU/Linux 3.0 ARM
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_arm.deb

Debian libxml2_2.4.19-4woody1_hppa.deb
Debian GNU/Linux 3.0 HP Precision
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_hppa.deb

Debian libxml2_2.4.19-4woody1_i386.deb
Debian GNU/Linux 3.0 Intel IA-32
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_i386.deb

Debian libxml2_2.4.19-4woody1_ia64.deb
Debian GNU/Linux 3.0 Intel IA-64
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_ia64.deb

Debian libxml2_2.4.19-4woody1_m68k.deb
Debian GNU/Linux 3.0 Motorola 680x0
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_m68k.deb

Debian libxml2_2.4.19-4woody1_mips.deb
Debian GNU/Linux 3.0 Big endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_mips.deb

Debian libxml2_2.4.19-4woody1_mipsel.deb
Debian GNU/Linux 3.0 Little endian MIPS
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_mipsel.deb

Debian libxml2_2.4.19-4woody1_powerpc.deb
Debian GNU/Linux 3.0 PowerPC
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_powerpc.deb

Debian libxml2_2.4.19-4woody1_s390.deb
Debian GNU/Linux 3.0 IBM S/390
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_s390.deb

Debian libxml2_2.4.19-4woody1_sparc.deb
Debian GNU/Linux 3.0 Sun Sparc
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4. 19-4woody1_sparc.deb

RedHat libxml2-2.4.19-6.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libxml2-2.4.1 9-6.legacy.i386.rpm

RedHat libxml2-devel-2.4.19-6.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libxml2-devel -2.4.19-6.legacy.i386.rpm

RedHat libxml2-python-2.4.19-6.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libxml2-pytho n-2.4.19-6.legacy.i386.rpm

XMLSoft Libxml2 2.4.23

Conectiva libxml2-2.4.23-224.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/libxml2-2.4.23-224.i58 6.rpm

Conectiva libxml2-2.4.23-225.src.rpm
ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/libxml2-2.4.23-225.sr c.rpm

Conectiva libxml2-devel-2.4.23-225.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/libxml2-devel-2.4.23-2 25.i586.rpm

Mandrake libxml2-2.4.23-4.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-2.4.23-4.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-devel-2.4.23-4.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-devel-2.4.23-4.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-python-2.4.23-4.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-python-2.4.23-4.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.4.23-4.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.4.23-4.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE libxml2-2.4.23-243.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libxml2-2.4.23-24 3.i586.rpm

SuSE libxml2-devel-2.4.23-243.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libxml2-devel-2.4 .23-243.i586.rpm

SuSE libxml2-python-2.4.23-243.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libxml2-python-2. 4.23-243.i586.rpm

XMLSoft Libxml2 2.5.1

Conectiva libxml2-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-2.5.1-22050U90_1cl. i386.rpm

Conectiva libxml2-devel-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-devel-2.5.1-22050U9 0_1cl.i386.rpm

Conectiva libxml2-devel-static-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-devel-static-2.5.1- 22050U90_1cl.i386.rpm

Conectiva libxml2-doc-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-doc-2.5.1-22050U90_ 1cl.i386.rpm

SuSE libxml2-2.5.3-24.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libxml2-2.5.3-24. i586.rpm

SuSE libxml2-devel-2.5.3-24.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libxml2-devel-2.5 .3-24.i586.rpm

SuSE libxml2-python-2.5.3-47.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libxml2-python-2. 5.3-47.i586.rpm

XMLSoft Libxml2 2.5.10

SuSE libxml2-2.5.10-36.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml2-2.5.10-36 .i586.rpm

SuSE libxml2-2.5.10-36.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libxml2-2.5.1 0-36.x86_64.rpm

SuSE libxml2-devel-2.5.10-36.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml2-devel-2.5 .10-36.i586.rpm

SuSE libxml2-devel-2.5.10-36.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libxml2-devel -2.5.10-36.x86_64.rpm

SuSE libxml2-python-2.5.10-64.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libxml2-python-2. 5.10-64.i586.rpm

SuSE libxml2-python-2.5.10-64.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libxml2-pytho n-2.5.10-64.x86_64.rpm

Trustix libxml2-2.5.10-1tr.i586.rpm
ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/libxml2-2.5.10-1tr. i586.rpm

Trustix libxml2-devel-2.5.10-1tr.i586.rpm
ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/libxml2-devel-2.5.1 0-1tr.i586.rpm

Trustix libxml2-python-2.5.10-1tr.i586.rpm
ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/libxml2-python-2.5. 10-1tr.i586.rpm

XMLSoft Libxml2 2.5.11

Mandrake libxml2-2.5.11-1.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-devel-2.5.11-1.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-python-2.5.11-1.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.5.11-1.2.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.5.11-1.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

XMLSoft Libxml2 2.5.4

Mandrake libxml2-2.5.4-1.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-2.5.4-1.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-devel-2.5.4-1.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-devel-2.5.4-1.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-python-2.5.4-1.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-python-2.5.4-1.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.5.4-1.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libxml2-utils-2.5.4-1.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Red Hat libxml2-2.5.4-3.rh9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/libxml2-2.5.4-3.rh9.i386.rpm

Red Hat libxml2-devel-2.5.4-3.rh9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/libxml2-devel-2.5.4-3.rh9.i386.r pm

Red Hat libxml2-python-2.5.4-3.rh9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/libxml2-python-2.5.4-3.rh9.i386. rpm

XMLSoft Libxml2 2.5.8

OpenPKG libxml-2.5.8-1.3.1.src.rpm
ftp://ftp.openpkg.org/release/1.3/UPD/libxml-2.5.8-1.3.1.src.rpm

XMLSoft Libxml2 2.6 .0

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

XMLSoft Libxml2 2.6.1

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

XMLSoft Libxml2 2.6.2

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

XMLSoft Libxml2 2.6.3

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

XMLSoft Libxml2 2.6.4

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

XMLSoft Libxml2 2.6.5

XMLSoft Libxml 2.6.6
ftp://xmlsoft.org/

SGI ProPack 3.0

SGI patch10131.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 31.tar.gz

Turbolinux Turbolinux Server 7.0

Turbolinux libxml2-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/libxml2-2.4.28-2.i586.rpm

Turbolinux libxml2-devel-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/libxml2-devel-2.4.28-2.i586.rpm

Turbolinux libxml2-python-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/libxml2-python-2.4.28-2.i586.rpm

Turbolinux Turbolinux Workstation 7.0

Turbolinux libxml2-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/libxml2-2.4.28-2.i586.rpm

Turbolinux libxml2-devel-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/libxml2-devel-2.4.28-2.i586.rpm

Turbolinux libxml2-python-2.4.28-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/libxml2-python-2.4.28-2.i586.rpm

Turbolinux Turbolinux Workstation 8.0

Turbolinux libxml2-2.4.19-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/libxml2-2.4.19-2.i586.rpm

Turbolinux libxml2-devel-2.4.19-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/libxml2-devel-2.4.19-2.i586.rpm

Turbolinux libxml2-python-2.4.19-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/libxml2-python-2.4.19-2.i586.rpm

Turbolinux Turbolinux Server 8.0

Turbolinux libxml2-2.4.22-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/libxml2-2.4.22-2.i586.rpm

Turbolinux libxml2-devel-2.4.22-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/libxml2-devel-2.4.22-2.i586.rpm

Turbolinux libxml2-python-2.4.22-2.i586.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/libxml2-python-2.4.22-2.i586.rpm

References

libxml2 Remote URI Parsing Buffer Overrun Vulnerability

References:

GLSA 200403-01 Libxml2 URI Parsing Buffer Overflow Vulnerabilities (Gentoo)
libxml2 (Conectiva)
LNSA-#2004-0004: libxml2 buffer overflow (Mar, 4 2004) (Netwosix)
RHSA-2004:650-03 - libxml (RedHat)
RHSA-2004:650-08 - Updated libxml package fixes security vulnerabilities (RedHat)
Security Update 2004-04-05 (10.3.3) (Apple)
Updated libxml2 packages fix security vulnerability (RedHat)
XMLSoft Homepage (XMLSoft)
XMLSoft News (XMLSoft)