Linux Security
Linux Security
Linux Security

Debian: libxml2 fix denial of service DSA-1631-2

Date 26 Aug 2008
Posted By LinuxSecurity Advisories
The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported scurity problem.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1631-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.                               Steve Kemp
August 26, 2008             
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3281

The previous security update of the libxml2 package introduced
some problems with other packages, most notably with librsvg.
This update corrects these problems whilst still fixing the
reported scurity problem.

For reference the text of the previous security announcement

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in version

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-3.

We recommend that you upgrade your libxml2 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:      893 71d8dbd9fb4d082a273289513941da33
    Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
    Size/MD5 checksum:   145887 5579bcc5d4fb2e33789853d826e265a3

Architecture independent packages:
    Size/MD5 checksum:  1328140 adb1d2d477eacbaf8347aa50eac782bb

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   820516 31ef1df11042703555ae2be4cd070d77
    Size/MD5 checksum:   881632 3ed598806d32756af480a32db50d29bb
    Size/MD5 checksum:   184762 9dcde3e1f90ff7dfc42b2c8ce0c0e24e
    Size/MD5 checksum:   916300 ed1c5f1efa3dc141d5d4c79820bfef3c
    Size/MD5 checksum:    37978 47fe74c3d93abc8e596d836ef4eb8fcb

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   184120 58ab6cccdd5484e4bfcf4b6dd27c9e00
    Size/MD5 checksum:    36680 dd0b6f7984f011ae92bd7e09bf83f02f
    Size/MD5 checksum:   795770 4063d07d3876bfbc3f6fcf19e5cafb4a
    Size/MD5 checksum:   891790 b727f5ae98ce30abe97a1fba3ac40d38
    Size/MD5 checksum:   745276 5af9ee2e1337339b2e892fedba428e3c

arm architecture (ARM)
    Size/MD5 checksum:   165294 ad35b56851b1593e360b686ecfec65fc
    Size/MD5 checksum:   672778 b08822852ad4599685c9dc3188373c4d
    Size/MD5 checksum:   741398 47071e65bd39d46da2671a307254ae1e
    Size/MD5 checksum:   816988 f52a68650d018f67aab33ae26d5dd143
    Size/MD5 checksum:    34672 a936724e14d1319ca9a79a0f3711d250

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   192854 81a84d2b04ad199969eff68a5132850e
    Size/MD5 checksum:    36858 2473f5535d88f7f15d5828896384c40a
    Size/MD5 checksum:   849856 99c8f064ed4f2eaad000bb5069ef302e
    Size/MD5 checksum:   863750 e830ea5314f70dee660743fc1c9b158d
    Size/MD5 checksum:   858008 4fea504a87f852497df6288315275ccf

i386 architecture (Intel ia32)
    Size/MD5 checksum:   681202 30924287393f6c3be0cabd7459233384
    Size/MD5 checksum:   755716 8d5a4b27d85883876fb6a801b81e4a22
    Size/MD5 checksum:   169028 e888a4121857a3e71a2e7fa45a047571
    Size/MD5 checksum:    34496 53a91e24ea34079fe292b4fab6b2896b
    Size/MD5 checksum:   857040 8b37acacabb9d85ab8992d5426f28c82

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  1105708 88c594f73ceaaca62dfa28274bd31fe9
    Size/MD5 checksum:  1079688 f2a9fa0eb94dcdb5175111f6b3359bc9
    Size/MD5 checksum:   873912 c7ba5c84b4972aa287c2d27a0427864e
    Size/MD5 checksum:   196530 5ee6abed0af70043dbdc76f4d4623fe9
    Size/MD5 checksum:    48498 f868a6d64cb5bdb14bdcf97e8aa0dd1e

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   171664 355f77c5275a13f3eb83527068cff621
    Size/MD5 checksum:   769486 cfa1b956ceb1e04ecbd9509df27dfa6a
    Size/MD5 checksum:    34426 91378abe49acd1892f74cb46ade696e1
    Size/MD5 checksum:   926324 05a3b536190e243ab38ab8be3dc0b2e1
    Size/MD5 checksum:   839986 e125b22dd4493e44127569c0c6c2a123
    Size/MD5 checksum:   840028 454d30d21466c6991d36709d545bb616
    Size/MD5 checksum:   769770 a9fdc081287daeac42162ce1a2175ab4
    Size/MD5 checksum:    34426 dbc7089955d66008c4f5cf83dc9b99d1
    Size/MD5 checksum:   926092 7eb78aa1b849416a958e1348af488859
    Size/MD5 checksum:   171672 27c5bdf91c1d4b60968907e1b62cca4d

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   832738 a6de09f65ab37e850751d97829cc6617
    Size/MD5 checksum:   168694 2f29cc087add99df4f6ab916a9926811
    Size/MD5 checksum:   897444 867b3e92f1a42f0bc65f7238ce560f46
    Size/MD5 checksum:   768592 cb9819c21c8e6b030f9859db384c57aa
    Size/MD5 checksum:    34402 ab51ba73d01bcd7565a3484f2f0773b4

powerpc architecture (PowerPC)
    Size/MD5 checksum:    37664 44817ba18e1cbef8bb632931619799b8
    Size/MD5 checksum:   897608 ace5c9edc38cf6a827c2a3bdd8f148d2
    Size/MD5 checksum:   779646 d9a1addfd80b91de74d135ae721f2289
    Size/MD5 checksum:   770646 aea60a0c32642ff21a7b4df0a8cf718f
    Size/MD5 checksum:   172734 4777957bb08a5078eaa157fb1137198d

s390 architecture (IBM S/390)
    Size/MD5 checksum:   805482 3a09ab61016672208e30a5e217305f1a
    Size/MD5 checksum:   749824 9277f1e383f35050030bc4d22cf6c835
    Size/MD5 checksum:   185726 03cd09eb4a14e6905211421ed425df4e
    Size/MD5 checksum:   884934 80a368f56c164922488988957898b702
    Size/MD5 checksum:    36372 d1e9cb343470264435e5fb6642f2ca3f

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   712810 804bcef65cec53bb7b801fc15736c435
    Size/MD5 checksum:   759322 42dc3f7722459a697efad99eadbe357e
    Size/MD5 checksum:   781040 4f066aa412fd8c29e9780d8d0a690ccd
    Size/MD5 checksum:    34576 ad057148379fcd1ca730e17fd2d4cf00
    Size/MD5 checksum:   176872 49f013c4d6097a188d85c80edcda1ced

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"45","type":"x","order":"1","pct":81.82,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"5","type":"x","order":"2","pct":9.09,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.09,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.