You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa libxml2

Sigurnosni nedostatak programskog paketa libxml2

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2214-1
May 15, 2014

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

libxml2 could be made to consume resources if it processed a specially
crafted file.

Software Description:
– libxml2: GNOME XML library

Details:

Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.1

Ubuntu 13.10:
libxml2 2.9.1+dfsg1-3ubuntu2.1

Ubuntu 12.10:
libxml2 2.8.0+dfsg1-5ubuntu2.5

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.7

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.11

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2214-1
CVE-2014-0191

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.1
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu2.1
https://launchpad.net/ubuntu/+source/libxml2/2.8.0+dfsg1-5ubuntu2.5
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.7
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.11

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTdQD1AAoJEGVp2FWnRL6THPwP/A0tknbmKftAnIhg6tRmeZHp
bsiTYIXzfI9H17gc7zqKhlZLXgmAjQ1568iFz6qB5YjgIjm43IC+u9mlmfTSu5Ob
pWn2/WhoqJ5LnNumFQSTirgVzJ4juDYvUfu2CGAHkxE257Ecudy7lskbvvBnnvLA
mRpmvPwMzm3sMCcivsuwwRR1jtLuK6LnUchjPHIJwoKzRxMTWTQSzrUJ0wsPfoku
mHddkzyiVUKCFSDWz//vZT0O1OArUmEcqAlafU/LFupuqyMhgUIovoGuzRwD1g+7
zLx08aaoHz+gBVmhSoPBNKaZY48Dyw48hmtK2/2U63IYs9ssa4YJc5NAN5n9HCv3
5IwtHl6PnMfO4XH4v0bCN1ytcjdcEUh1hE6Te/eFQFId30RYXjVWN1kal37YXSUF
2cmskciQafaGPPD499y4BA0wA/wieNX9g0jpOd+p5SKpQNhB6LlDE9S7zYBj30Vb
+EvVPd9AIc8y8rwz/vQc655Yetpr7ZaWU42En+MpJKeE72qpODhdZ1ik3ayEgCcm
CXVUCtNd4dzZp9PQCxGzO685DnOK94UdZMBgd7fbl5PyiLJYZS8Aj/sgxITsiAOV
MkrgqOZgqaZuqOARXuSrsBiOz40quXKYsPN0BxP53YSHOpPThHiZOSo/xXDZXcKL
OWIhpBTv+1CAYSwL7x9J
=8Ijf
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2014-05-0013-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost programskog paketa openssl

Otkrivena je ranjivost u funkciji ssl3_read_bytes (s3_pkt.c) programskog paketa openssl za Mandriva Business Server 1.0. Ranjivost se javljala kada je...

Close