User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-1334-1 (libxml2)

From:  Jamie Strandboge <jamie@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-1334-1] libxml2 vulnerabilities
Date:  Thu, 19 Jan 2012 15:06:34 -0600
Message-ID:  <1327007194.3307.13.camel@localhost>

========================================================================== Ubuntu Security Notice USN-1334-1 January 19, 2012 libxml2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. Software Description: - libxml2: GNOME XML library Details: It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216) It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834) It was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905) It was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.1 Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.2 Ubuntu 10.10: libxml2 2.7.7.dfsg-4ubuntu0.3 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.3 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.7 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1334-1 CVE-2011-0216, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 Package Information: https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4... https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2... https://launchpad.net/ubuntu/+source/libxml2/2.7.7.dfsg-4... https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1... https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds