==========================================================================
Ubuntu Security Notice USN-3494-1
November 27, 2017
libxml-libxml-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
XML::LibXML could be made to crash or run programs if it processed
specially crafted input.
Software Description:
– libxml-libxml-perl: Perl interface to the libxml2 library
Details:
It was discovered that XML::LibXML incorrectly handled memory when
processing a replaceChild call. A remote attacker could possibly use this
issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libxml-libxml-perl 2.0128+dfsg-3ubuntu0.1
Ubuntu 17.04:
libxml-libxml-perl 2.0128+dfsg-1ubuntu0.1
Ubuntu 16.04 LTS:
libxml-libxml-perl 2.0123+dfsg-1ubuntu0.1
Ubuntu 14.04 LTS:
libxml-libxml-perl 2.0108+dfsg-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3494-1
CVE-2017-10672
Package Information:
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0128+dfsg-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0128+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0123+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0108+dfsg-1ubuntu0.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJaHGspAAoJEGVp2FWnRL6TQCwP/0mMcYoNC0cDri/ZWxEZ1Nkk
Coi1dagEJ1GBxP0ysuQbzqUazN2KOT7dbL+a2AubEjoaLY+SD1hAKpy9Bn5P5LUL
XEFjESZcTGwoQTRMLkkdoawODu7o+n/Y8RJIgjhXVzWhXw6Zn8+/pGA+b4o4iwYt
r1R+pOQJEsOYU6GIlY4ud8PlmV2vyYzGNQaop9/Msv/jGLtv46QzomBv0BqxTwXA
DW7Ryoot3SoLCKpx7/PQHO1Oq9rgWw8ErrHi4xcZH+rAc6jbyYPhBfdFArf38plT
Hjaz1xGfViHIkAce8CurXrHDGgEFhuOYhDeOdODA0E+vhDQP4gNCuP5TKhXVqhXT
yDl7PjqAdKWPmZfM42ft6O1pJjKqR3AqpzCDS5bliAbTwi86pZWqIwu7vhvzI3A4
7DDjs6yxj5nPbXDBQm3I5bGncwr06h2ilycsuCQCGh1jkfFS2ddAJmhp9LV8uo8X
y9A9AUO08FAJNAMeK51M0rSdqEmae2mPJQ6Y7AyYlaeYWxxwbDFmfV8aJKftM1rL
WdoMyG1Bj2MfHk3uNI1r3YDdFcMIULzIGzKnRxgnkNWIFhBEsm5OYl36kJaQQ6gD
YrEO6mNQEKYeDiowYY8b75WSmNQdoGy0K47yqdTRuYWp9HxGooYjMVdjxmPNw0K0
LZUWF5W3BUHLnS0KIQTb
=HW8R
—–END PGP SIGNATURE—–
—