You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libxml-perl

Sigurnosni nedostatak programske biblioteke libxml-perl

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3494-1
November 27, 2017

libxml-libxml-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

XML::LibXML could be made to crash or run programs if it processed
specially crafted input.

Software Description:
– libxml-libxml-perl: Perl interface to the libxml2 library

Details:

It was discovered that XML::LibXML incorrectly handled memory when
processing a replaceChild call. A remote attacker could possibly use this
issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libxml-libxml-perl 2.0128+dfsg-3ubuntu0.1

Ubuntu 17.04:
libxml-libxml-perl 2.0128+dfsg-1ubuntu0.1

Ubuntu 16.04 LTS:
libxml-libxml-perl 2.0123+dfsg-1ubuntu0.1

Ubuntu 14.04 LTS:
libxml-libxml-perl 2.0108+dfsg-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3494-1
CVE-2017-10672

Package Information:
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0128+dfsg-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0128+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0123+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml-libxml-perl/2.0108+dfsg-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaHGspAAoJEGVp2FWnRL6TQCwP/0mMcYoNC0cDri/ZWxEZ1Nkk
Coi1dagEJ1GBxP0ysuQbzqUazN2KOT7dbL+a2AubEjoaLY+SD1hAKpy9Bn5P5LUL
XEFjESZcTGwoQTRMLkkdoawODu7o+n/Y8RJIgjhXVzWhXw6Zn8+/pGA+b4o4iwYt
r1R+pOQJEsOYU6GIlY4ud8PlmV2vyYzGNQaop9/Msv/jGLtv46QzomBv0BqxTwXA
DW7Ryoot3SoLCKpx7/PQHO1Oq9rgWw8ErrHi4xcZH+rAc6jbyYPhBfdFArf38plT
Hjaz1xGfViHIkAce8CurXrHDGgEFhuOYhDeOdODA0E+vhDQP4gNCuP5TKhXVqhXT
yDl7PjqAdKWPmZfM42ft6O1pJjKqR3AqpzCDS5bliAbTwi86pZWqIwu7vhvzI3A4
7DDjs6yxj5nPbXDBQm3I5bGncwr06h2ilycsuCQCGh1jkfFS2ddAJmhp9LV8uo8X
y9A9AUO08FAJNAMeK51M0rSdqEmae2mPJQ6Y7AyYlaeYWxxwbDFmfV8aJKftM1rL
WdoMyG1Bj2MfHk3uNI1r3YDdFcMIULzIGzKnRxgnkNWIFhBEsm5OYl36kJaQQ6gD
YrEO6mNQEKYeDiowYY8b75WSmNQdoGy0K47yqdTRuYWp9HxGooYjMVdjxmPNw0K0
LZUWF5W3BUHLnS0KIQTb
=HW8R
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-11-0174-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa optipng

Otkriven je sigurnosni nedostatak u programskom paketu optipng za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja...

Close