Tuesday, June 17, 2014

[USN-2214-3] libxml2 regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJToC7eAAoJEGVp2FWnRL6TmhMP/j5Hooc+syxp/krCkSwcmNrt
oxSNV/1a8FSugU26Fugn2+K7CSrXFSwyzWkVfAo6tA8Ar809vVwzw8nQqld9OdS7
E4MLPGhxSMQ8WAddEaKpfafc4n9Q81KSaxxVBabHzN3OCACLpJuLQcPCH121mZlc
mkIhgBEAbCk1xPEcxzf27hV6ETI9DieICXyEcDx71V0Kn5TBhk//w6s8YOaA6dt9
kcrGuOs0hDDboqsMPXT7be+VhGWDPRS9zcBMlJ29k4eSR/1a2Rxal+wgaGqhdCy9
fuklQ5hqG1KhaDFsM4SQh6qqTcUtYxyvB/rRNCkfNaV4EzZUIs1MWg6preKcHVmc
OUPtVZ4TJCxCdLgYpMM1rlWHDW7+Uwx5vWwRrMgyZLYJaetM8LES+jnTSnDXXcxY
lPBUgt/Hv/HpNrQ8tTam8EmhaNvgMzfCthFLkDCLvvlXbTuNj2MmfhhF37lbUCiA
qLUngPggERBbGR9GuRdpR9yg0w9VzGhp+wlk1dpqFwsiyu4L/Gytq/OymVjqE7FT
8vqQb8vfR8PIwjIId97+M/nMjVQBlITEdq64NCj5VWwjuJpl9C841WwX5xiqRLs7
ESh1zYXXJFQVX9nrbCffU3Xg7vKZ8I+0UE3LKFc3k/CMGZsVaaMGAUON9Wn94L9i
T1FV/8qa1ZbpIrTMPdOW
=CeeO
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2214-3
June 17, 2014

libxml2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

USN-2214-1 introduced a regression in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a
number of regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.3

Ubuntu 13.10:
libxml2 2.9.1+dfsg1-3ubuntu2.3

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.9

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.13

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2214-3
http://www.ubuntu.com/usn/usn-2214-1
https://launchpad.net/bugs/1321869

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.3
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu2.3
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.9
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.13

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)