You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libxml2

Sigurnosni nedostaci programskog paketa libxml2

==========================================================================
Ubuntu Security Notice USN-2875-1
January 19, 2016

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

libxml2 could be made to crash if it opened a specially crafted file.

Software Description:
– libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.3

Ubuntu 15.04:
libxml2 2.9.2+dfsg1-3ubuntu0.3

Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.7

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2875-1
CVE-2015-7499, CVE-2015-8710

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.3
https://launchpad.net/ubuntu/+source/libxml2/2.9.2+dfsg1-3ubuntu0.3
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.7
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.14

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWnqo3AAoJEGVp2FWnRL6TlFgQAJfNVYE4mncbkUCiWefuPleb
gvHNIZoBKKuWoviCtk/oI0odeH+vseE1iSSQwnhZblfVDXSPt2zvHkWPlncM5hwy
ZjYCL6tO0G7Sl/vBRdqtELiYlwP4lnwyTmGUptLE883Empe236LFDP+Z0msLmYhE
ySwpbZIANeDUbXVhEgi412Eu+W9cO4WmgUyjSuwLAqS1ZEE9Ke/1OTnSFXZVqtH/
4O5vcof76Csn5Hs//nUNdQUDSJm8GCYuV3RU2He0bJUkjDC1hWmBvaCOi22Z2FBf
d7rp1eQ3oUzJzVRs7NCU3kN3uV3H9IvE8t94Y0ePe8J7TEchCdph5ZboZ4Mbps0U
kUSN5MjNCAcjkI1VR4JS0y3rvU0DxtBwI+G/M45FqKeaaD3piu93pbQx4jDeN+JL
xZ0u9speM5mbQS1tzaRGPSkjpDIL0wRWwyEvKNHBSmkmR7Rm1kX5vSgdXadSsuMr
oU3/0PEu9SQczQV5ayMgNt72JRErHLbKDshbfwk0zQ/mG6Kztl9+4abv+UjWEpS4
LnlYMowZMKbt4UCFZ0dmOfDgsalzGPknCDsXCOKusop78PgYCDITflmUvkKnq4cW
SLzP4HIuWyRDo8wlhuvYwZCxfJfP2B2x6LiiP7vbjrb90djmZdAxwqOUuWVNuRM+
7fB/T9nbFjFkg5EfDrC6
=eilE
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak u radu jezgre operacijskog sustava Ubuntu. Otkriveni nedostatak je uzrokovan neispravnom implementacijom "session keyring" komponente. Potencijalnim...

Close