- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2214-2
June 09, 2014
libxml2 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
USN-2214-1 introduced a regression in libxml2.
Software Description:
– libxml2: GNOME XML library
Details:
USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a
regression when using xmllint with the –postvalid option. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.2
Ubuntu 13.10:
libxml2 2.9.1+dfsg1-3ubuntu2.2
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.8
Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.12
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2214-2
http://www.ubuntu.com/usn/usn-2214-1
https://launchpad.net/bugs/1321869
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.2
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu2.2
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.8
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.12
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTlcg4AAoJEGVp2FWnRL6TwzUP/3Ncxqd+F/TxUBLDLEN/TDUQ
PC6wLUlfeDh05VrkiyyIIPbDnEbA3Gj0WEZmgpBCHYXgeBH4EDNxCu19E6W1TZrq
P8Fnn9/mM6cGCRlTMhoJ62IDrQ3+yzDICSJ/WldOow3ck8Osl5b08IxLssIP8g/Y
+iCNg4iVaw1rYm9OG6mSr8bviUh9peu4FO7heCCJjBYOcNqwlwuv0fIBITUfEUOE
HPYjClUYG8RidQV0ukxXGplY1r337IVYnyU4QZ3p5n/i9XYGI1TdkAcrsoWEwz9j
UYlzSSmz4HWRwf5fDGKjk1SgpA+hVEaq7uRUZbTRUVh3maWFdfd9s3/Z7SMaLEit
bjsjPgXXDQvOVG90e++L/uEcmpgFNSyQKY3nrSdl2TuLTPJ7O0RqN9o77yHXnF9m
ddLKgkV8kFn8DQY+rvPe1ywbjXHBLnhfzPOdG4CaPg84qVp6RutnBPZ9h9/J8aHk
jR9nPO+w/ygGZerPWx793PMppKG/tJbYqzu3ytDAa6pr0eI5c8TXbhzUrJbr6DYb
bNkxigYQK1HvZ1K9J331i1cyJYZeZeDmKRe43szRPyNLjrJS6BhvnbbUAuAl86Bt
dcrKMJ4wmWJwH7FsO3NfsEwPC27NOp6xjiFrTiCgmRG+jJDZJnImjxSFidmnBAEt
H3ghs0dqn1SCBMmiam9u
=nMPC
—–END PGP SIGNATURE—–
—
| Autor | Marko Stanec |
| Cert id | NCERT-REF-2014-06-0042-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
