Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: libxml2 vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.
Ubuntu Security Notice USN-569-1           January 14, 2008
libxml2 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxml2                         2.6.24.dfsg-1ubuntu1.1

Ubuntu 6.10:
  libxml2                         2.6.26.dfsg-2ubuntu4.1

Ubuntu 7.04:
  libxml2                         2.6.27.dfsg-1ubuntu3.1

Ubuntu 7.10:
  libxml2                         2.6.30.dfsg-2ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Brad Fitzpatrick discovered that libxml2 did not correctly handle certain
UTF-8 sequences.  If a remote attacker were able to trick a user or
automated system into processing a specially crafted XML document, the
application linked against libxml2 could enter an infinite loop, leading
to a denial of service via CPU resource consumption.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    58151 14f48b349e2a6b6ce695401dbf57fdcc
      Size/MD5:      894 21632294a2c1c8011f4193fe4b2b38cf
      Size/MD5:  3293814 461eb1bf7f0c845f7ff7d9b1a4c4eac8

  Architecture independent packages:
      Size/MD5:  1252744 b5a8e6f167c240aca1ce9043a8f0d937
      Size/MD5:    18890 d09f50ac3678dcb4c10763a788e54442

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   917374 5fa596e88c231b233d7cfcd1212841a4
      Size/MD5:   736776 245e0057a499d22faa4d3bdd37987d07
      Size/MD5:    36700 d019bea4d49a15a3b374300cccc8fffd
      Size/MD5:   751990 ec666dfdecb573c581bc495a9518d13d
      Size/MD5:   181660 5e34cf00bdb8d15b79bd1827a49b5b18

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   765424 35509e4751ecba58c3d1b5576cb0da9d
      Size/MD5:   641078 94196c0fdf434299a97d84ee81085532
      Size/MD5:    32978 e325977162a24c6b0b66c0565234ff43
      Size/MD5:   684132 12823417ff1e678e76e748bf144bb23e
      Size/MD5:   166432 cf4a991ece17342ef7db3be6bc609bb5

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   903834 97da6381510998b5c5b0680a0043dd87
      Size/MD5:   760458 f11467ac2015a1a3b8972be7781b67a6
      Size/MD5:    37430 b8828a5d10cccd80c6d52852312a8115
      Size/MD5:   732852 52d7fbd22e1998f6637f153bfa91c3c3
      Size/MD5:   170818 6a8aea50a49f9f4f257d8e790307d255

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   744628 6f75bd45c1f8f045e175b55a1e4c54fc
      Size/MD5:   702826 cd9a12cbd5c657502d9537bbfd7ff985
      Size/MD5:    34318 be052727daaa6f8d404431ebd2877620
      Size/MD5:   715988 94336bfbfcceaa0ee95490b9d714a440
      Size/MD5:   174778 e86fe896b8f6eae184c476fcbf162c02

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   136421 b2535790742a2400d93491b54cbabbfa
      Size/MD5:      925 48a2f327de2696b6572534b371337991
      Size/MD5:  3312920 d68254670f98586610c85a6f6020dc0e

  Architecture independent packages:
      Size/MD5:  1281404 d810d36589a1ae5ee424da463ad88afe

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   888700 2984129eb3c535d1b232eef99a2af97a
      Size/MD5:   744272 4e49079b0c8dc2c639ce30ee701d906d
      Size/MD5:    36698 7769d6aa4037d1919cd60db8289c2084
      Size/MD5:   788598 59f5046418a2ee99ef78164551a066f6
      Size/MD5:   279520 a0066e95d8efd81c6381a9d56ff9b1b9
      Size/MD5:   560410 0fdec92f80ed894c6767404d8ec7c565

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   842804 f8f198d554d74e015a2d00dc96bd603a
      Size/MD5:   670214 2c3826acd16299d0097b128a61f8bf63
      Size/MD5:    33862 388a50d26fb13b9fa5a1c9915ea4f8cd
      Size/MD5:   741588 027e11b90dd6adef637d4798c7375768
      Size/MD5:   251048 d1389a08b347e4ef3d6c76a54064cbb9
      Size/MD5:   513086 bcee2a49d0e314fa213810b8e4b97809

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   889140 008f3ac23423228e3ebe2d708b1090ab
      Size/MD5:   770812 015b150f481eb023536ade64ec4a7322
      Size/MD5:    37738 b8b8e93ebddaa90a7075cdebd44a7a83
      Size/MD5:   772872 cee458f4f2cb4fe0aa02ce6e8249950b
      Size/MD5:   258376 594831d0d50c7cab41e051871f7feceb
      Size/MD5:   545034 0868b828ddf585d7b6574aae9d1be648

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   774044 cac1fd92280a79c321c8294f018e011c
      Size/MD5:   712790 bb54bef9eb96a8461de01d4f7c64454a
      Size/MD5:    34714 62155a5428112a23d8987f4ff0f979af
      Size/MD5:   754196 cc2e93dd44027feba2e335a062c0cb48
      Size/MD5:   267350 4096e4efe121a62060938658af688bb6
      Size/MD5:   526494 878ec3a5be598b0e8a0a6e9c4f600347

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   144224 1b9751ddbf05b8bc6ef29b42634cd535
      Size/MD5:     1063 65dfc487e7e3ba42a2419fb26d5e2b56
      Size/MD5:  3416175 5ff71b22f6253a6dd9afc1c34778dec3

  Architecture independent packages:
      Size/MD5:  1293068 2a1c600d0be9f81696bff341943bfeb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   894350 acbcf6a5f1e99eb6b9642b934dcb65a2
      Size/MD5:   747332 749b56c662bb0df8acb9ee25525e626d
      Size/MD5:   574950 ff23905600521aed69b26a61da363e44
      Size/MD5:    37142 8c7e56d3d36823e4184bf44266fa4aa2
      Size/MD5:   809100 4693394cfd10fc8dc104929cb83f1460
      Size/MD5:   862202 7f117367690090ed4f069536b4b250c7
      Size/MD5:   292868 e2f635dd4078e17064aab37c2cdc8798

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   850434 6fdf712e6fe60c07a4b99a40aef4db49
      Size/MD5:   672400 5a3a0e6fb684b455564ddd9235062db0
      Size/MD5:   526900 262d4eca6c69ad63a218a2b45e593747
      Size/MD5:    34226 bb8a5e189e2f119f1568cfea799a8e99
      Size/MD5:   760988 7fceec70a5be5ece3cfe03cc898f1275
      Size/MD5:   788584 f4c0a0097fa2b5f8f80a3acede4c9644
      Size/MD5:   262456 2060ff7ca434ce395a2fa234d3e152e2

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   895514 8f93c23c7fc5e2b3d17e08f1bd2d18ac
      Size/MD5:   773952 50226e5dc1f74b989d9f0ff228b28ebf
      Size/MD5:   559270 5834b5824a221fbccc3a93b96724c5d8
      Size/MD5:    42338 dacf911b83e202c81f8cfedd7bfcd356
      Size/MD5:   793922 f54bcc563218cff154dcc030688ef2f0
      Size/MD5:   855946 fb2af13aa01a8c632af50fe36de8188f
      Size/MD5:   286500 321019238a735572b57c529211723b91

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   787760 3139c39add7412823144807b24db05bb
      Size/MD5:   715026 3edbe6b65f3718274176906985b62e08
      Size/MD5:   538624 a341ec59dfb434ea1b91f3683b3e884c
      Size/MD5:    36404 220371974ed6f7884d3fb688999e67a2
      Size/MD5:   773140 6fc5d9c69d785a5516a6ae5b34cb174a
      Size/MD5:   816036 60e7562b076f63637713fcdd2f790225
      Size/MD5:   278892 3eda4635ec4ac8f23a910e02b95bd4d5

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   176683 a4ce83a6ea098404db907d1d2f72d38f
      Size/MD5:     1063 b600047363cafb8c24d516c65925a6fa
      Size/MD5:  3433982 fe52a06fd8f104308271eb7093a0b644

  Architecture independent packages:
      Size/MD5:  1300034 4e288d846923596cf7aa37fa67d50185

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   894548 c872ec5c6116b49bd87dd39f79528e22
      Size/MD5:   752442 a2ee24366619719f9556982ac22a27db
      Size/MD5:   578210 8e1d3536be984352302938567ee87f2b
      Size/MD5:    37190 65e1c1f2c52f02442ccce2c140ce3926
      Size/MD5:   818380 b1400d105831b7bf559dfd2ba20be488
      Size/MD5:   863728 a4d843958eb81f23a19cbb7cf019a6c9
      Size/MD5:   293804 0004d579e3b2255a42d6abc63ed68ab4

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   853540 eacc403b4d7812ddd9d1c7cd286b64a1
      Size/MD5:   674934 fcb3481343e49c88337154c07dba4c94
      Size/MD5:   528812 0201712d54449b6af47aaf4b3baa477f
      Size/MD5:    34248 adea2bfdbfcc440f476cbf43716a8425
      Size/MD5:   769740 7589866a03671cb95e29d997a80d7b3a
      Size/MD5:   792272 674ef80d3e356b1c6e72a7a9668e0b0f
      Size/MD5:   263080 b31371b9e3a6870033b1c8d6c0353694

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   896016 7f6d612c8301755b77dd01363c19dfc0
      Size/MD5:   776966 a5123512f62a64178289a8b735a45aff
      Size/MD5:   561218 ca3cc3d56852b2f241fc9780f6d7e539
      Size/MD5:    42344 91bac63b9249ac922074704e69758781
      Size/MD5:   801824 81ff7f9fc82fcf539c94e2333cbcc830
      Size/MD5:   857754 e589ed34a6231213d688c31a4a40777e
      Size/MD5:   287274 6d21408e1221dafbf99cdb24c2626c93

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   786524 7c03f943618178e6815320f729078328
      Size/MD5:   718066 dc222079aa90d18323d092e49a875b51
      Size/MD5:   541086 b0dea5f83fbefb371da3f9dfbfae3221
      Size/MD5:    36496 cd9a0242a62de70d53ec73f174623918
      Size/MD5:   780846 3c2454be99253bcd16ecedabe59cb068
      Size/MD5:   815844 525b901dbcc7d3df2131650a8c9eca25
      Size/MD5:   279502 0c43a55b203ea3ca72fc8c6087ccca94

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.