You are here
Home > Preporuke > Sigurnosni propust programskog paketa libxml2

Sigurnosni propust programskog paketa libxml2

==========================================================================
Ubuntu Security Notice USN-2214-2
June 09, 2014

libxml2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

USN-2214-1 introduced a regression in libxml2.

Software Description:
– libxml2: GNOME XML library

Details:

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a
regression when using xmllint with the –postvalid option. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.2

Ubuntu 13.10:
libxml2 2.9.1+dfsg1-3ubuntu2.2

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.8

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.12

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2214-2
http://www.ubuntu.com/usn/usn-2214-1
https://launchpad.net/bugs/1321869

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.2
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu2.2
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.8
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.12

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTlcg4AAoJEGVp2FWnRL6TwzUP/3Ncxqd+F/TxUBLDLEN/TDUQ
PC6wLUlfeDh05VrkiyyIIPbDnEbA3Gj0WEZmgpBCHYXgeBH4EDNxCu19E6W1TZrq
P8Fnn9/mM6cGCRlTMhoJ62IDrQ3+yzDICSJ/WldOow3ck8Osl5b08IxLssIP8g/Y
+iCNg4iVaw1rYm9OG6mSr8bviUh9peu4FO7heCCJjBYOcNqwlwuv0fIBITUfEUOE
HPYjClUYG8RidQV0ukxXGplY1r337IVYnyU4QZ3p5n/i9XYGI1TdkAcrsoWEwz9j
UYlzSSmz4HWRwf5fDGKjk1SgpA+hVEaq7uRUZbTRUVh3maWFdfd9s3/Z7SMaLEit
bjsjPgXXDQvOVG90e++L/uEcmpgFNSyQKY3nrSdl2TuLTPJ7O0RqN9o77yHXnF9m
ddLKgkV8kFn8DQY+rvPe1ywbjXHBLnhfzPOdG4CaPg84qVp6RutnBPZ9h9/J8aHk
jR9nPO+w/ygGZerPWx793PMppKG/tJbYqzu3ytDAa6pr0eI5c8TXbhzUrJbr6DYb
bNkxigYQK1HvZ1K9J331i1cyJYZeZeDmKRe43szRPyNLjrJS6BhvnbbUAuAl86Bt
dcrKMJ4wmWJwH7FsO3NfsEwPC27NOp6xjiFrTiCgmRG+jJDZJnImjxSFidmnBAEt
H3ghs0dqn1SCBMmiam9u
=nMPC
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa dpkg

Otkriveni su sigurnosni nedostaci u programskom paketu dpkg za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izmjenu datoteka zaobilaženjem...

Close