Bug 64363 (CVE-2004-0110) - VUL-0: CVE-2004-0110: libxml2: buffer overflow in DNS response handling code
Summary: VUL-0: CVE-2004-0110: libxml2: buffer overflow in DNS response handling code
Status: RESOLVED FIXED
Alias: CVE-2004-0110
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0110: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-17 19:35 UTC by Thomas Biege
Modified: 2021-11-05 16:16 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
nanoftp-2.6.12.diff (320 bytes, patch)
2004-12-17 19:36 UTC, Thomas Biege 		Details | Diff
nanohttp-2.6.12.diff (778 bytes, patch)
2004-12-17 19:36 UTC, Thomas Biege 		Details | Diff
patchinfo.xml2 (557 bytes, text/plain)
2004-12-17 19:58 UTC, Thomas Biege 		Details
patchinfo-box.xml2 (619 bytes, text/plain)
2004-12-17 19:58 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2004-12-17 19:35:00 UTC 
And another one. 
 
CAN-2004-0110 
 
http://www.debian.org/security/2004/dsa-455
Comment 1 Thomas Biege 2004-12-17 19:35:00 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2004-12-17 19:36:00 UTC 
Created attachment 27163 [details]
nanoftp-2.6.12.diff
Comment 3 Thomas Biege 2004-12-17 19:36:21 UTC 
Created attachment 27164 [details]
nanohttp-2.6.12.diff
Comment 4 Thomas Biege 2004-12-17 19:52:50 UTC 
SM-Tracker-76
Comment 5 Thomas Biege 2004-12-17 19:58:23 UTC 
Created attachment 27165 [details]
patchinfo.xml2
Comment 6 Thomas Biege 2004-12-17 19:58:39 UTC 
Created attachment 27166 [details]
patchinfo-box.xml2
Comment 7 Thomas Biege 2004-12-17 19:58:57 UTC 
please verify both file before submitting them.
Comment 8 Thomas Biege 2004-12-18 00:20:19 UTC 
Absent     : Fri 2004-12-17 - Mon 2004-12-20 
             Tue 2004-12-21 
             Wed 2004-12-22 - Tue 2004-12-28 
             Fri 2004-12-31 
             Fri 2004-12-24 
             Fri 2004-12-31
Comment 9 Thomas Biege 2004-12-20 16:24:54 UTC 
I'll make the update...
Comment 10 Thomas Biege 2004-12-20 21:44:40 UTC 
packages submitted...
Comment 11 Michael Schröder 2004-12-21 00:58:10 UTC 
(Why is libxml2-python missing from the 8.1 patchinfo?)
Comment 12 Michael Schröder 2004-12-21 01:23:29 UTC 
SLEC has its own libxml2, please create a fixed version.
Comment 13 Thomas Biege 2004-12-21 16:56:50 UTC 
8.1 doesn't have the python package AFAICS. 
 
SLEC will be submitted in a few minutes.
Comment 14 Thomas Biege 2004-12-21 17:04:41 UTC 
Ok, I was wrong. 8.1 has a python package. I just judged from the non-existing 
spec file.
Comment 15 Thomas Biege 2004-12-21 17:22:42 UTC 
package submitted... schwere geburt. ;)
Comment 16 Karl Eichwalder 2004-12-29 16:59:43 UTC 
;) Thanks for your help!
Comment 17 Thomas Biege 2005-01-07 21:32:12 UTC 
packages are approved
Comment 18 Thomas Biege 2009-10-13 20:06:27 UTC 
CVE-2004-0110: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)