You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libxml2

Sigurnosni nedostatak programske biblioteke libxml2

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3504-2
December 05, 2017

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

curl could be made to crash if it received specially crafted
input.

Software Description:
– libxml2: GNOME XML library

Details:

USN-3504-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Wei Lei discovered that libxml2 incorrecty handled certain parameter
 entities. An attacker could use this issue with specially constructed
 XML data to cause libxml2 to consume resources, leading to a denial of
 service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libxml2                         2.7.8.dfsg-5.1ubuntu4.19
  libxml2-utils                   2.7.8.dfsg-5.1ubuntu4.19
  python-libxml2                  2.7.8.dfsg-5.1ubuntu4.19

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3504-2
  https://www.ubuntu.com/usn/usn-3504-1
  CVE-2017-16932
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJaJrA9AAoJEEW851uECx9p7zoQAI6hYhOPGJufbfru7ST+JBcC
2sll7Wr/ejLmX811yFOo49X7WD+H+1vvTTTnSpkbNjqVOKA9Y1tZIP7XFkrJyOBE
kzTs+sqFHO2Eiu58B0xuMFTF27EKcyAdr/fjdacJ0qDV+Zx45cIAoKCfcx7C6X8x
ie1eLMDx1Mc/DRkIcLCzHjuZG/f9SxGUW5H2Y/Rb2VJUYwPfrChMjJ+EMSYX/56+
gZqodSJ/LG60fD7F2E36opGrWAa80WN6/KPdBXVZvo/GS1MbejbjeHbiRsV9SrXl
iRp8lViWJ7mAy+ch9PeadDU7a1EzC6nweEnjX4m0tZjyxqtf5LqumACCBDc63o/a
hc42DqhaRxaqC3KVgZOIFMJOewJewryocPMpI7uA+DkXkAAPcJPy8XpfCOgBtj/t
2sIVV6wFWO5nxSbx4esRmzrgF0bw8SmkERT41zJ8R9Q/iadv4Ke8uh01ibyiav05
ns1u+GmKa3aBUC37z+5ZQNPlq3U8aeiTgxmSGQf27xQVSUKFJUwlObjTABDlj5tl
WXgi/dEZWjoFtTL14P+aTnCKBX7ytchkPK0jtgvPkeuiXwyvcSuln5peQV7ijDT+
UlVylbGTRnFALcn5TTeW3XfwQ2JkxD7DHZC4ryhZlTEU8xHjF0hr+/J346BMQ+VV
/w7Rhydkzv8X72ynBNAL
=Hukv
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-3504-1
December 05, 2017

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

libxml2 could be made to crash if it opened a specially crafted
file.

Software Description:
– libxml2: GNOME XML library

Details:

Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libxml2                         2.9.4+dfsg1-4ubuntu1.1
  libxml2-utils                   2.9.4+dfsg1-4ubuntu1.1
  python-libxml2                  2.9.4+dfsg1-4ubuntu1.1
  python3-libxml2                 2.9.4+dfsg1-4ubuntu1.1

Ubuntu 17.04:
  libxml2                         2.9.4+dfsg1-2.2ubuntu0.2
  libxml2-utils                   2.9.4+dfsg1-2.2ubuntu0.2
  python-libxml2                  2.9.4+dfsg1-2.2ubuntu0.2
  python3-libxml2                 2.9.4+dfsg1-2.2ubuntu0.2

Ubuntu 16.04 LTS:
  libxml2                         2.9.3+dfsg1-1ubuntu0.4
  libxml2-utils                   2.9.3+dfsg1-1ubuntu0.4
  python-libxml2                  2.9.3+dfsg1-1ubuntu0.4

Ubuntu 14.04 LTS:
  libxml2                         2.9.1+dfsg1-3ubuntu4.11
  libxml2-utils                   2.9.1+dfsg1-3ubuntu4.11
  python-libxml2                  2.9.1+dfsg1-3ubuntu4.11

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3504-1
  CVE-2017-16932

Package Information:
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2.2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJaJqqOAAoJEEW851uECx9p0hoQAL6JSCZx9CefkXTVpnVE+3gC
LlS5vzpQiIr3xahyryJ7f2osf5IdMt8HUXlITJvHgIzqrbIXvfjNaiipVi0qNWIp
BKS811/ybzfa/C7bkQT34pa1d/uwZkUzsh4UkndXRHbpN5rck2lptI2e1WYSHvHA
yAyp6Oaqywdrq/oXZcJuvhZkE9E8nBuPEoVuwlXHTAOMt7oqj5NucKnIcWo9dz6c
k33xyn9Kr6QzIR7PEHFm9ncT+6nkQzmCLBiU5StIiXn1SQNeRMAzgiTxAmBUp75p
E5Z8H2SsI5/Roti5bLt7J9X8Pzasgpj0/Y/+W5Q6UFlVzO2I/uTOILXZHLFXSR8k
Erxxo1h1U4DzOpvulsje46PuVjOrD42mKZhumxKilTuJN0fd/nD6BxpatNcvmqZy
h3mAHXmVG8UevRtFSIHYh8wU9u0L8IoxgoWaDnn8MsqQDnxMni31lsQUJXc1CAkv
uJBClagSSe/v26qQ9cHO31owApG3OpTPaL4cag2WjL+vXYB8KeenIpUOgHJEsnXi
v3xqRkZ+ugcmFTVorzuXie0y9VecFrADNCqfVzS6wsvYv6HsMX6I3k1tjzIWeWCP
TKjSMLUB1EaxZrB7DkGdi7q4ZzKFPuMPjxJQ/vrU/9+EMNHGRVdCYP5ktGL1XgCp
kTtQ4tibLb6d9fufsz6J
=9sJQ
—–END PGP SIGNATURE—–

AutorPetar Bertok
Cert idNCERT-REF-2017-12-0030-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa firefox

Otkriven je sigurnosni nedostatak u programskom paketu firefox za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close