Debian: New libxml2 packages fix denial of service

    Date: 26 Aug 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1631-2
    http://www.debian.org/security/                               Steve Kemp
    August 26, 2008                       http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : libxml2
    Vulnerability  : denial of service
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3281
    
    The previous security update of the libxml2 package introduced
    some problems with other packages, most notably with librsvg.
    This update corrects these problems whilst still fixing the
    reported security problem.
    
    For reference the text of the previous security announcement
    follows:
    
    Andreas Solberg discovered that libxml2, the GNOME XML library,
    could be forced to recursively evaluate entities, until available
    CPU & memory resources were exhausted.
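
The resource exhaustion described above comes from entities whose values reference other entities, so the expanded size grows multiplicatively with nesting depth. The following is an added example, not part of the Debian advisory and not the libxml2 fix: a pre-parse guard that computes how large each internal entity would become without expanding it. The names `expanded_sizes`, `EntityBudgetExceeded`, `budget` and `max_depth` are hypothetical, and the sample document is constructed.

```python
import re

# Internal general entities only: <!ENTITY name "value">. Parameter (%) and
# external (SYSTEM/PUBLIC) entities are out of scope for this sketch.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')


class EntityBudgetExceeded(ValueError):
    """Expansion would loop, nest too deeply, or exceed the size budget."""


def expanded_sizes(xml_text, budget=1_000_000, max_depth=32):
    """Return {entity name: expanded length} without building any expansion."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # XML: first declaration wins
    sizes, in_progress = {}, set()

    def size_of(name, depth):
        if name in sizes:
            return sizes[name]
        if name in in_progress or depth > max_depth:
            raise EntityBudgetExceeded(f"entity {name!r}: loop or nesting too deep")
        in_progress.add(name)
        total = len(decls[name])
        for ref in ENTITY_REF.findall(decls[name]):
            if ref in decls:
                # Swap the "&ref;" token for the size of what it expands to.
                total += size_of(ref, depth + 1) - (len(ref) + 2)
            if total > budget:
                raise EntityBudgetExceeded(f"entity {name!r} expands past {budget}")
        in_progress.discard(name)
        sizes[name] = total
        return total

    for name in decls:
        size_of(name, 0)
    return sizes


# Constructed sample: three levels of nesting, each tripling the previous one.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "0123456789">
  <!ENTITY b "&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;">
]>
<r>&c;</r>"""

if __name__ == "__main__":
    print(expanded_sizes(SAMPLE))
```

A guard like this belongs in front of any parser that accepts untrusted XML and cannot be upgraded immediately; it complements the fixed package and does not replace it.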
    
    For the stable distribution (etch), this problem has been fixed in version
    2.6.27.dfsg-4.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 2.6.32.dfsg-3.
    
    We recommend that you upgrade your libxml2 package.
    
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main