- ------------------------------------------------------------------------Debian Security Advisory DSA-1654-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
October 14, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package : libxml2
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-3529
Debian Bug : 498768
It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names. This could allow the execution of arbitrary
code via a malicious XML file.
For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-5.
For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.
We recommend that you upgrade your libxml2 package.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------Source archives:
Size/MD5 checksum: 220443 48cafbb8d1bd2c6093339fea3f14e4a0
Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3
Size/MD5 checksum: 893 0dc1f183dd20741e5b4e26a7f8e1c652
Architecture independent packages:
Size/MD5 checksum: 1328144 c1c5f0ceb391893a94e61c074b677ee9
alpha architecture (DEC Alpha)
Size/MD5 checksum: 820850 fac5556241bb0fde20913f25fb9c73ac
Size/MD5 checksum: 37980 725b1c6925e610b5843ba0ad554dc7bc
Size/MD5 checksum: 184754 5ccbaf07b44dcfe528167074050bf270
Size/MD5 checksum: 916830 17d71480b7e2a447dabde99c11d752fa
Size/MD5 checksum: 881834 cac19a28b37f7afb9e07966f44ddd5b2
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 184130 a13372752d162d0fb2ccd58da6b73e20
Size/MD5 checksum: 36684 8a0265229bebf9245dc7bb7cc6f41d36
Size/MD5 checksum: 796194 6019e59020269cca8fa8fea40f83c118
Size/MD5 checksum: 891922 606fc28448bead2709c39a1d3e529a25
Size/MD5 checksum: 745758 95bd39eb2818772c43c3351b22326fcd
arm architecture (ARM)
Size/MD5 checksum: 741876 1b670c6bac3aa9f7df28f7ea3f1e5725
Size/MD5 checksum: 34678 9a992dc251b137a919a813eed2af8489
Size/MD5 checksum: 165290 732b4e94b91a086c6b950d187af160bc
Size/MD5 checksum: 817514 299c93a812ac02a8aa9da88f4cb5aedf
Size/MD5 checksum: 673192 d2ff2c26ee8dae05f81c24aa6dfce9b5
hppa architecture (HP PA RISC)
Size/MD5 checksum: 191876 4d2e33090237b47bc10e9526329f0bc5
Size/MD5 checksum: 36708 0ebf8554c5a0e873b128d52ceafccdfd
Size/MD5 checksum: 850210 bde343770ac9a7bd458e68a60c2b8434
Size/MD5 checksum: 858660 88f67d0d2aff41333ca2f4d4b2d6b5b2
Size/MD5 checksum: 864474 489dbd9d677c274c07abb88d0f23b969
i386 architecture (Intel ia32)
Size/MD5 checksum: 755986 9fdf341ede17d7790202229db9cc1353
Size/MD5 checksum: 169032 272c6be290817bf9cb8b401425fd83d5
Size/MD5 checksum: 681472 d8a0611d638e0553da64a218fbcf291a
Size/MD5 checksum: 857318 6946048170dd7d142c03c13794c30d6f
Size/MD5 checksum: 34496 3e3674a714f780024630ad1a2ca46eab
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1106480 03e08564e2bf843905daecdd7c5cc4c4
Size/MD5 checksum: 874222 ed9ab6fa068a5b07c22ec1c10db8e0ab
Size/MD5 checksum: 1080186 defc5f4f9eb80872a793cc025e33a111
Size/MD5 checksum: 48492 5a567323dc0bf8159a6eae87957266d5
Size/MD5 checksum: 196536 cdbb137c8bb31cf29114673c4cb28e67
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 34418 4a05346cb2fc6c314e7e8aef21662469
Size/MD5 checksum: 171678 c94bfffc6bde639623ce9a91028960e5
Size/MD5 checksum: 926922 ddc8ff03120dd78869830d38a5e8708d
Size/MD5 checksum: 840642 57f2ea24a31904c4b07531f6292a4a8e
Size/MD5 checksum: 770246 20ba2586e1406d66bd34642f13265dcf
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 34398 9f0ebfb1dc37496e6b7a4e9963ffaeff
Size/MD5 checksum: 898346 29680d5d5baa66e251e71f55aa128e3c
Size/MD5 checksum: 768976 8f6464a0ef61b3ddcd271652a01c7469
Size/MD5 checksum: 833252 5c83c05d44526479e7c550fd0d8cbdbe
Size/MD5 checksum: 168690 eb56cb1ea49795d0a5a18af468625941
powerpc architecture (PowerPC)
Size/MD5 checksum: 898010 c3d61392afcb383d0f27d5f91fda721d
Size/MD5 checksum: 770994 94ef895f8942b880e8823e10420120e6
Size/MD5 checksum: 172726 5d097f0290be2bab9b93287bad07e83f
Size/MD5 checksum: 37660 e977bc38e837077de7a006ef923b98bd
Size/MD5 checksum: 779958 ad7245f8a9980d7f40234aefaf12a31b
s390 architecture (IBM S/390)
Size/MD5 checksum: 185726 91661276ed6cf371373b4e61805c81b8
Size/MD5 checksum: 885618 218f2603ab94bf92ba45cd330fe15782
Size/MD5 checksum: 806024 3abe21a0d756e5a0a2ca646f0ba32729
Size/MD5 checksum: 36378 cbc5eb7e2f81adafeba8e857aee8c918
Size/MD5 checksum: 750190 4172cb95d7aea2f9ee9331220cd5274c
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 781522 c20ea9c8ab0ec798488e68c845650036
Size/MD5 checksum: 713144 e0139b86fbf9644678c2c6de6462bff1
Size/MD5 checksum: 759568 7d46f7ceb214711851cc1f27edef2c48
Size/MD5 checksum: 34580 fceb65808b2c98f621d79352eea9d2d5
Size/MD5 checksum: 176874 f27821fe07861f2e71658bc3eb0a595e
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New libxml2 packages fix execution of arbitrary code
October 14, 2008
It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names
Summary
Severity
News
HOWTOs
Features
About Us
Powered By
