==========================================================================
Ubuntu Security Notice USN-2214-1
May 15, 2014
libxml2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
libxml2 could be made to consume resources if it processed a specially
crafted file.
Software Description:
– libxml2: GNOME XML library
Details:
Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.1
Ubuntu 13.10:
libxml2 2.9.1+dfsg1-3ubuntu2.1
Ubuntu 12.10:
libxml2 2.8.0+dfsg1-5ubuntu2.5
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.7
Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.11
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2214-1
CVE-2014-0191
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.1
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu2.1
https://launchpad.net/ubuntu/+source/libxml2/2.8.0+dfsg1-5ubuntu2.5
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.7
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTdQD1AAoJEGVp2FWnRL6THPwP/A0tknbmKftAnIhg6tRmeZHp
bsiTYIXzfI9H17gc7zqKhlZLXgmAjQ1568iFz6qB5YjgIjm43IC+u9mlmfTSu5Ob
pWn2/WhoqJ5LnNumFQSTirgVzJ4juDYvUfu2CGAHkxE257Ecudy7lskbvvBnnvLA
mRpmvPwMzm3sMCcivsuwwRR1jtLuK6LnUchjPHIJwoKzRxMTWTQSzrUJ0wsPfoku
mHddkzyiVUKCFSDWz//vZT0O1OArUmEcqAlafU/LFupuqyMhgUIovoGuzRwD1g+7
zLx08aaoHz+gBVmhSoPBNKaZY48Dyw48hmtK2/2U63IYs9ssa4YJc5NAN5n9HCv3
5IwtHl6PnMfO4XH4v0bCN1ytcjdcEUh1hE6Te/eFQFId30RYXjVWN1kal37YXSUF
2cmskciQafaGPPD499y4BA0wA/wieNX9g0jpOd+p5SKpQNhB6LlDE9S7zYBj30Vb
+EvVPd9AIc8y8rwz/vQc655Yetpr7ZaWU42En+MpJKeE72qpODhdZ1ik3ayEgCcm
CXVUCtNd4dzZp9PQCxGzO685DnOK94UdZMBgd7fbl5PyiLJYZS8Aj/sgxITsiAOV
MkrgqOZgqaZuqOARXuSrsBiOz40quXKYsPN0BxP53YSHOpPThHiZOSo/xXDZXcKL
OWIhpBTv+1CAYSwL7x9J
=8Ijf
—–END PGP SIGNATURE—–
—