Synopsis:	Moderate: libxml2 security update
Issue date:	2008-08-26
CVE Names:	CVE-2008-3281


[Updated 26th August 2008]
The original fix used in this errata caused some applications using
the libxml2 library in an unexpected way to crash when used with updated
libxml2 packages. We have updated the packages for Scientific Linux
3, 4 and 5 to use a different fix that does not break affected
applications.

A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. (CVE-2008-3281)

SL 3.0.x

      SRPMS:
libxml2-2.5.10-11.src.rpm
      i386:
libxml2-2.5.10-11.i386.rpm
libxml2-devel-2.5.10-11.i386.rpm
libxml2-python-2.5.10-11.i386.rpm
      x86_64:
libxml2-2.5.10-11.i386.rpm
libxml2-2.5.10-11.x86_64.rpm
libxml2-devel-2.5.10-11.x86_64.rpm
libxml2-python-2.5.10-11.x86_64.rpm

SL 4.x

      SRPMS:
libxml2-2.6.16-12.3.src.rpm
      i386:
libxml2-2.6.16-12.3.i386.rpm
libxml2-devel-2.6.16-12.3.i386.rpm
libxml2-python-2.6.16-12.3.i386.rpm
      x86_64:
libxml2-2.6.16-12.3.i386.rpm
libxml2-2.6.16-12.3.x86_64.rpm
libxml2-devel-2.6.16-12.3.x86_64.rpm
libxml2-python-2.6.16-12.3.x86_64.rpm

SL 5.x

      SRPMS:
libxml2-2.6.26-2.1.2.4.src.rpm
      i386:
libxml2-2.6.26-2.1.2.4.i386.rpm
libxml2-devel-2.6.26-2.1.2.4.i386.rpm
libxml2-python-2.6.26-2.1.2.4.i386.rpm
      x86_64:
libxml2-2.6.26-2.1.2.4.i386.rpm
libxml2-2.6.26-2.1.2.4.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.4.i386.rpm
libxml2-devel-2.6.26-2.1.2.4.x86_64.rpm
libxml2-python-2.6.26-2.1.2.4.x86_64.rpm

-Connie Sieh
-Troy Dawson