Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 17.04, 16.04 LTS, 14.04 LTS USN-3424-1 Critical Libxml2 Overflow

ubuntu
Calendar Grey September 19, 2017
Dist Ubuntu Esm H88
Patches addressing vulnerabilities in libxml2 affect Ubuntu versions 17.04, 16.04 LTS, and 14.04 LTS. Please update to ensure security compliance.
Several security issues were fixed in libxml2.

Summary

Several security issues were fixed in libxml2.

Software Description:

- libxml2: GNOME XML library

Details:

It was discovered that a type confusion error existed in libxml2. An

attacker could use this to specially construct XML data that

could cause a denial of service or possibly execute arbitrary

code. (CVE-2017-0663)

It was discovered that libxml2 did not properly validate parsed entity

references. An attacker could use this to specially construct XML

data that could expose sensitive information. (CVE-2017-7375)

It was discovered that a buffer overflow existed in libxml2 when

handling HTTP redirects. An attacker could use this to specially

construct XML data that could cause a denial of service or possibly

execute arbitrary code. (CVE-2017-7376)

Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in

libxml2 when handling elements. An attacker could use this to specially

construct XML data that could cause a denial of service or possibly

ex...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libxml2                         2.9.4+dfsg1-2.2ubuntu0.1

Ubuntu 16.04 LTS:
  libxml2                         2.9.3+dfsg1-1ubuntu0.3

Ubuntu 14.04 LTS:
  libxml2                         2.9.1+dfsg1-3ubuntu4.10

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3424-1

CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047,

CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Severity
critical
Lowest
Low
Medium
High
Critical

September 19, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.