Nortel Response to Sun Alert 251406 - Security Vulnerabilities in the libxml2 Library Routines
Description:

Sun Microsystems has recently released Sun Alert 251406 - Security Vulnerabilities in the libxml2 Library Routines. There are two security vulnerabilities in the libxml2 library (see libxml2(3)) bundled with Solaris 9 and Solaris 10 which may impact applications making use of this library. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

Sun Alert 251406 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-251406-1

This advisory addresses the following CVEs:

1. CVE-2008-4225 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225): Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
2. CVE-2008-4226 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226): Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

Type: Security Advisories

Number: 2009009384, Rev 1

Status: Retired

Date: 2009-09-17