Ubuntu: libxml2 vulnerabilities
Posted by Benjamin D. Thomas   
It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529)
Ubuntu Security Notice USN-644-1         September 11, 2008
libxml2 vulnerabilities
CVE-2008-3281, CVE-2008-3529

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxml2                         2.6.24.dfsg-1ubuntu1.3

Ubuntu 7.04:
  libxml2                         2.6.27.dfsg-1ubuntu3.3

Ubuntu 7.10:
  libxml2                         2.6.30.dfsg-2ubuntu1.3

Ubuntu 8.04 LTS:
  libxml2                         2.6.31.dfsg-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document,
a remote attacker could execute arbitrary code with user privileges
or cause the application linked against libxml2 to crash, leading to a
denial of service. (CVE-2008-3529)

USN-640-1 fixed vulnerabilities in libxml2.  When processing extremely
large XML documents with valid entities, it was possible to incorrectly
trigger the newly added vulnerability protections.  This update fixes
the problem.  (CVE-2008-3281)

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:

