Linux Security
Linux Security
Linux Security

Debian: New libxml2 packages fix execution of arbitrary code

Date 14 Oct 2008
Posted By LinuxSecurity Advisories
It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1654-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                               Steve Kemp
October 14, 2008            
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3529
Debian Bug     : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names.  This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:   220443 48cafbb8d1bd2c6093339fea3f14e4a0
    Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
    Size/MD5 checksum:      893 0dc1f183dd20741e5b4e26a7f8e1c652

Architecture independent packages:
    Size/MD5 checksum:  1328144 c1c5f0ceb391893a94e61c074b677ee9

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   820850 fac5556241bb0fde20913f25fb9c73ac
    Size/MD5 checksum:    37980 725b1c6925e610b5843ba0ad554dc7bc
    Size/MD5 checksum:   184754 5ccbaf07b44dcfe528167074050bf270
    Size/MD5 checksum:   916830 17d71480b7e2a447dabde99c11d752fa
    Size/MD5 checksum:   881834 cac19a28b37f7afb9e07966f44ddd5b2

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   184130 a13372752d162d0fb2ccd58da6b73e20
    Size/MD5 checksum:    36684 8a0265229bebf9245dc7bb7cc6f41d36
    Size/MD5 checksum:   796194 6019e59020269cca8fa8fea40f83c118
    Size/MD5 checksum:   891922 606fc28448bead2709c39a1d3e529a25
    Size/MD5 checksum:   745758 95bd39eb2818772c43c3351b22326fcd

arm architecture (ARM)
    Size/MD5 checksum:   741876 1b670c6bac3aa9f7df28f7ea3f1e5725
    Size/MD5 checksum:    34678 9a992dc251b137a919a813eed2af8489
    Size/MD5 checksum:   165290 732b4e94b91a086c6b950d187af160bc
    Size/MD5 checksum:   817514 299c93a812ac02a8aa9da88f4cb5aedf
    Size/MD5 checksum:   673192 d2ff2c26ee8dae05f81c24aa6dfce9b5

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   191876 4d2e33090237b47bc10e9526329f0bc5
    Size/MD5 checksum:    36708 0ebf8554c5a0e873b128d52ceafccdfd
    Size/MD5 checksum:   850210 bde343770ac9a7bd458e68a60c2b8434
    Size/MD5 checksum:   858660 88f67d0d2aff41333ca2f4d4b2d6b5b2
    Size/MD5 checksum:   864474 489dbd9d677c274c07abb88d0f23b969

i386 architecture (Intel ia32)
    Size/MD5 checksum:   755986 9fdf341ede17d7790202229db9cc1353
    Size/MD5 checksum:   169032 272c6be290817bf9cb8b401425fd83d5
    Size/MD5 checksum:   681472 d8a0611d638e0553da64a218fbcf291a
    Size/MD5 checksum:   857318 6946048170dd7d142c03c13794c30d6f
    Size/MD5 checksum:    34496 3e3674a714f780024630ad1a2ca46eab

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  1106480 03e08564e2bf843905daecdd7c5cc4c4
    Size/MD5 checksum:   874222 ed9ab6fa068a5b07c22ec1c10db8e0ab
    Size/MD5 checksum:  1080186 defc5f4f9eb80872a793cc025e33a111
    Size/MD5 checksum:    48492 5a567323dc0bf8159a6eae87957266d5
    Size/MD5 checksum:   196536 cdbb137c8bb31cf29114673c4cb28e67

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    34418 4a05346cb2fc6c314e7e8aef21662469
    Size/MD5 checksum:   171678 c94bfffc6bde639623ce9a91028960e5
    Size/MD5 checksum:   926922 ddc8ff03120dd78869830d38a5e8708d
    Size/MD5 checksum:   840642 57f2ea24a31904c4b07531f6292a4a8e
    Size/MD5 checksum:   770246 20ba2586e1406d66bd34642f13265dcf

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    34398 9f0ebfb1dc37496e6b7a4e9963ffaeff
    Size/MD5 checksum:   898346 29680d5d5baa66e251e71f55aa128e3c
    Size/MD5 checksum:   768976 8f6464a0ef61b3ddcd271652a01c7469
    Size/MD5 checksum:   833252 5c83c05d44526479e7c550fd0d8cbdbe
    Size/MD5 checksum:   168690 eb56cb1ea49795d0a5a18af468625941

powerpc architecture (PowerPC)
    Size/MD5 checksum:   898010 c3d61392afcb383d0f27d5f91fda721d
    Size/MD5 checksum:   770994 94ef895f8942b880e8823e10420120e6
    Size/MD5 checksum:   172726 5d097f0290be2bab9b93287bad07e83f
    Size/MD5 checksum:    37660 e977bc38e837077de7a006ef923b98bd
    Size/MD5 checksum:   779958 ad7245f8a9980d7f40234aefaf12a31b

s390 architecture (IBM S/390)
    Size/MD5 checksum:   185726 91661276ed6cf371373b4e61805c81b8
    Size/MD5 checksum:   885618 218f2603ab94bf92ba45cd330fe15782
    Size/MD5 checksum:   806024 3abe21a0d756e5a0a2ca646f0ba32729
    Size/MD5 checksum:    36378 cbc5eb7e2f81adafeba8e857aee8c918
    Size/MD5 checksum:   750190 4172cb95d7aea2f9ee9331220cd5274c

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   781522 c20ea9c8ab0ec798488e68c845650036
    Size/MD5 checksum:   713144 e0139b86fbf9644678c2c6de6462bff1
    Size/MD5 checksum:   759568 7d46f7ceb214711851cc1f27edef2c48
    Size/MD5 checksum:    34580 fceb65808b2c98f621d79352eea9d2d5
    Size/MD5 checksum:   176874 f27821fe07861f2e71658bc3eb0a595e

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.