LinuxSecurity.com
Ubuntu: XML-RPC for C and C++ vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)
===========================================================
Ubuntu Security Notice USN-890-5          February 18, 2010
xmlrpc-c vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libxmlrpc-core-c3               1.06.27-1ubuntu6.1

After a standard system upgrade you need to restart any applications linked
against XML-RPC for C and C++ to effect the necessary changes.
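
As an added example (not part of the Ubuntu notice), the script below checks that the fixed package version named in the advisory is installed and lists processes that still map a replaced xmlrpc-c library, which are the ones that still need the restart described above. The sample maps lines, including the library file versions in them, are constructed; a process with a statically linked copy of the library is not detected by this method.

```shell
#!/bin/sh
# Added example (not from the advisory): post-upgrade check for USN-890-5.
PKG="libxmlrpc-core-c3"          # package named in the advisory
FIXED="1.06.27-1ubuntu6.1"       # fixed version from the advisory

# Exit 0 if the installed package is at or above the fixed version.
pkg_is_fixed() {
    ver=$(dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null) || return 2
    dpkg --compare-versions "$ver" ge "$FIXED"
}

# Read /proc/<pid>/maps-style lines on stdin; print each libxmlrpc shared
# object whose backing file was unlinked (replaced by the upgrade).
stale_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/libxmlrpc[^/]*[.]so" { print $(NF-1) }' |
        LC_ALL=C sort -u
}

# Print "pid<TAB>library" for every readable process still mapping an old copy.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale_libs < "$maps" 2>/dev/null | while read -r lib; do
            printf '%s\t%s\n' "$pid" "$lib"
        done
    done
}

# Constructed sample of one process's maps (addresses, inodes, sonames invented).
SAMPLE_MAPS='7f10a0000000-7f10a0012000 r-xp 00000000 08:01 1311 /usr/lib/libxmlrpc.so.3.6.15 (deleted)
7f10a0212000-7f10a0213000 rw-p 00012000 08:01 1311 /usr/lib/libxmlrpc.so.3.6.15 (deleted)
7f10a0400000-7f10a0408000 r-xp 00000000 08:01 1312 /usr/lib/libxmlrpc_util.so.3.6.15 (deleted)
7f10a0800000-7f10a0820000 r-xp 00000000 08:01 1400 /usr/lib/libexpat.so.1.5.2
7f10a0a00000-7f10a0a10000 r-xp 00000000 08:01 1500 /usr/lib/libxmlrpc_client.so.3.6.15'

if [ "${1:-}" = "--scan" ]; then
    if pkg_is_fixed; then echo "$PKG is at $FIXED or later"
    else echo "$PKG is missing or older than $FIXED"; fi
    scan_running
fi
```

Run it as root with `--scan` so that the maps files of other users' processes are readable; any PID it prints belongs to a process that has not yet picked up the updated library.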

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for XML-RPC for C and C++.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)


Updated packages for Ubuntu 9.10:





 