Libxml2 contains a double-free flaw in the 'xmlXPathCompOpEval' function [xpath.c] that is triggered when processing invalid XPath expressions. With a specially crafted XSL stylesheet, an attacker can crash an application linked against the library or potentially execute arbitrary code.

It has been reported that this issue has been fixed. Upgrade to version 2.8.0, or higher, to address this vulnerability.

Upgrade to Google Chrome version 14.0.835.163 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1027552
• OVAL ID: 14410
• CVE ID: 2011-2834 (see also: NVD)
• Secunia Advisory ID: 46049 46260 46601 46632 46636 47147 47538 47540 47572 47637 47715 48959 49592 49858 49930 50586 50728 51373 52051 52437
• ISS X-Force ID: 69885
• Related OSVDB ID: 75536 75537 75538 75539 75540 75541 75542 75543 75544 75545 75546 75547 75548 75549 75550 75551 75552 75553 75554 75555 75556 75557 75558 75559 75561 75562 75563 75564 75565 75566 75567
• Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=93472
  http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
  http://lists.opensuse.org/opensuse-updates/2012-01/msg00026.html
  http://security.gentoo.org/glsa/glsa-201110-26.xml
  http://support.apple.com/kb/HT5281
  http://www.debian.org/security/2012/dsa-2394
  http://www.gentoo.org/security/en/glsa/glsa-201111-01.xml
  http://www.srware.net/forum/viewtopic.php?f=18&t=2659
  http://www.ubuntu.com/usn/usn-1334-1/
  http://www.vmware.com/security/advisories/VMSA-2012-0008.html
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
  http://support.apple.com/kb/HT5503
  http://support.apple.com/kb/HT5504
  http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-11-767
  http://www.vmware.com/security/advisories/VMSA-2012-0012.html
  http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_XRX12-009_v1.1.pdf
  https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos2
• Mail List Post: http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
  http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
  http://seclists.org/bugtraq/2012/Jun/170
  http://seclists.org/fulldisclosure/2011/Oct/422
• Packet Storm: http://packetstormsecurity.com/files/121573/HP-Security-Bulletin-HPSBMU02786-SSRT100877-2.html
  http://packetstormsecurity.org/files/112296/VMware-Security-Advisory-2012-0008.html
• Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDVSA-2011:145
• Vendor Specific Solution URL: https://git.gnome.org/browse/libxml2/commit/?id=1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
• RedHat RHSA: RHSA-2011:1749 RHSA-2012:0016 RHSA-2012:0017 RHSA-2013:0217

• Yang Dingning - NCNIPC, Graduate University of Chinese Academy of Sciences