CVE-2011-2834

Priority
Low
Description
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
http://www.ubuntu.com/usn/usn-1334-1
Bugs
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2834
http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
Assigned-to
micahg, jdstrand
Package
Source: libxml2 (LP Ubuntu Debian)
Upstream:released (2.7.8.dfsg-5)
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.31.dfsg-2ubuntu1.7)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.7.6.dfsg-1ubuntu1.3)
Ubuntu 10.10 (Maverick Meerkat):released (2.7.7.dfsg-4ubuntu0.3)
Ubuntu 11.04 (Natty Narwhal):released (2.7.8.dfsg-2ubuntu0.2)
Ubuntu 11.10 (Oneiric Ocelot):released (2.7.8.dfsg-4ubuntu0.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2.7.8.dfsg-5)
Patches:
Upstream:1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
Package
Source: chromium-browser (LP Ubuntu Debian)
Upstream:released (14.0.835.163)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (14.0.835.202~r103287-0ubuntu0.10.04.2)
Ubuntu 10.10 (Maverick Meerkat):released (14.0.835.202~r103287-0ubuntu0.10.10.1)
Ubuntu 11.04 (Natty Narwhal):released (14.0.835.202~r103287-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (14.0.835.202~r103287-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (14.0.835.202~r103287-0ubuntu1)
Patches:
Upstream:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=98359&r2=98358&pathrev=98359
More Information

Valid XHTML 1.0 Strict

Updated: 2012-01-20 00:14:29 UTC (commit 4710)