==========================================================================
Ubuntu Security Notice USN-3504-2
December 05, 2017
libxml2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
curl could be made to crash if it received specially crafted
input.
Software Description:
– libxml2: GNOME XML library
Details:
USN-3504-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libxml2 2.7.8.dfsg-5.1ubuntu4.19
libxml2-utils 2.7.8.dfsg-5.1ubuntu4.19
python-libxml2 2.7.8.dfsg-5.1ubuntu4.19
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3504-2
https://www.ubuntu.com/usn/usn-3504-1
CVE-2017-16932
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaJrA9AAoJEEW851uECx9p7zoQAI6hYhOPGJufbfru7ST+JBcC
2sll7Wr/ejLmX811yFOo49X7WD+H+1vvTTTnSpkbNjqVOKA9Y1tZIP7XFkrJyOBE
kzTs+sqFHO2Eiu58B0xuMFTF27EKcyAdr/fjdacJ0qDV+Zx45cIAoKCfcx7C6X8x
ie1eLMDx1Mc/DRkIcLCzHjuZG/f9SxGUW5H2Y/Rb2VJUYwPfrChMjJ+EMSYX/56+
gZqodSJ/LG60fD7F2E36opGrWAa80WN6/KPdBXVZvo/GS1MbejbjeHbiRsV9SrXl
iRp8lViWJ7mAy+ch9PeadDU7a1EzC6nweEnjX4m0tZjyxqtf5LqumACCBDc63o/a
hc42DqhaRxaqC3KVgZOIFMJOewJewryocPMpI7uA+DkXkAAPcJPy8XpfCOgBtj/t
2sIVV6wFWO5nxSbx4esRmzrgF0bw8SmkERT41zJ8R9Q/iadv4Ke8uh01ibyiav05
ns1u+GmKa3aBUC37z+5ZQNPlq3U8aeiTgxmSGQf27xQVSUKFJUwlObjTABDlj5tl
WXgi/dEZWjoFtTL14P+aTnCKBX7ytchkPK0jtgvPkeuiXwyvcSuln5peQV7ijDT+
UlVylbGTRnFALcn5TTeW3XfwQ2JkxD7DHZC4ryhZlTEU8xHjF0hr+/J346BMQ+VV
/w7Rhydkzv8X72ynBNAL
=Hukv
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-3504-1
December 05, 2017
libxml2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
libxml2 could be made to crash if it opened a specially crafted
file.
Software Description:
– libxml2: GNOME XML library
Details:
Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libxml2 2.9.4+dfsg1-4ubuntu1.1
libxml2-utils 2.9.4+dfsg1-4ubuntu1.1
python-libxml2 2.9.4+dfsg1-4ubuntu1.1
python3-libxml2 2.9.4+dfsg1-4ubuntu1.1
Ubuntu 17.04:
libxml2 2.9.4+dfsg1-2.2ubuntu0.2
libxml2-utils 2.9.4+dfsg1-2.2ubuntu0.2
python-libxml2 2.9.4+dfsg1-2.2ubuntu0.2
python3-libxml2 2.9.4+dfsg1-2.2ubuntu0.2
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.4
libxml2-utils 2.9.3+dfsg1-1ubuntu0.4
python-libxml2 2.9.3+dfsg1-1ubuntu0.4
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.11
libxml2-utils 2.9.1+dfsg1-3ubuntu4.11
python-libxml2 2.9.1+dfsg1-3ubuntu4.11
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3504-1
CVE-2017-16932
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-4ubuntu1.1
https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2.2ubuntu0.2
https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.4
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaJqqOAAoJEEW851uECx9p0hoQAL6JSCZx9CefkXTVpnVE+3gC
LlS5vzpQiIr3xahyryJ7f2osf5IdMt8HUXlITJvHgIzqrbIXvfjNaiipVi0qNWIp
BKS811/ybzfa/C7bkQT34pa1d/uwZkUzsh4UkndXRHbpN5rck2lptI2e1WYSHvHA
yAyp6Oaqywdrq/oXZcJuvhZkE9E8nBuPEoVuwlXHTAOMt7oqj5NucKnIcWo9dz6c
k33xyn9Kr6QzIR7PEHFm9ncT+6nkQzmCLBiU5StIiXn1SQNeRMAzgiTxAmBUp75p
E5Z8H2SsI5/Roti5bLt7J9X8Pzasgpj0/Y/+W5Q6UFlVzO2I/uTOILXZHLFXSR8k
Erxxo1h1U4DzOpvulsje46PuVjOrD42mKZhumxKilTuJN0fd/nD6BxpatNcvmqZy
h3mAHXmVG8UevRtFSIHYh8wU9u0L8IoxgoWaDnn8MsqQDnxMni31lsQUJXc1CAkv
uJBClagSSe/v26qQ9cHO31owApG3OpTPaL4cag2WjL+vXYB8KeenIpUOgHJEsnXi
v3xqRkZ+ugcmFTVorzuXie0y9VecFrADNCqfVzS6wsvYv6HsMX6I3k1tjzIWeWCP
TKjSMLUB1EaxZrB7DkGdi7q4ZzKFPuMPjxJQ/vrU/9+EMNHGRVdCYP5ktGL1XgCp
kTtQ4tibLb6d9fufsz6J
=9sJQ
—–END PGP SIGNATURE—–
—