=========================================================================Ubuntu Security Notice USN-3424-2
October 10, 2017

libxml2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

USN-3424-1 fixed several vulnerabilities in libxml2. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that a type confusion error existed in libxml2. An
 attacker could use this to specially construct XML data that
 could cause a denial of service or possibly execute arbitrary
 code. (CVE-2017-0663)

 It was discovered that libxml2 did not properly validate parsed entity
 references. An attacker could use this to specially construct XML
 data that could expose sensitive information. (CVE-2017-7375)

 It was discovered that a buffer overflow existed in libxml2 when
 handling HTTP redirects. An attacker could use this to specially
 construct XML data that could cause a denial of service or possibly
 execute arbitrary code. (CVE-2017-7376)

 Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in
 libxml2 when handling elements. An attacker could use this to
 specially construct XML data that could cause a denial of service or
 possibly execute arbitrary code. (CVE-2017-9047)

 Marcel Böhme and Van-Thuan Pham discovered a buffer overread
 in libxml2 when handling elements. An attacker could use this
 to specially construct XML data that could cause a denial of
 service. (CVE-2017-9048)

 Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads
 in libxml2 when handling parameter-entity references. An attacker
 could use these to specially construct XML data that could cause a
 denial of service. (CVE-2017-9049, CVE-2017-9050)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libxml2                         2.7.8.dfsg-5.1ubuntu4.18

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3424-2
  https://ubuntu.com/security/notices/USN-3424-1
  CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047,
  CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Ubuntu 3424-2: libxml2 vulnerabilities

October 10, 2017
Several security issues were fixed in libxml2.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:   libxml2                         2.7.8.dfsg-5.1ubuntu4.18 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3424-2

  https://ubuntu.com/security/notices/USN-3424-1

  CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047,

  CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Severity
October 10, 2017

Package Information

Related News

19.Laptop Bed Esm H170
2 - 4 min read
WSL (Windows Subsystem for Linux) , Microsoft's network security toolkit that allows users to run Linux natively on Windows without needing a
11.Locks IsometricPattern Esm H170
3 - 6 min read
Recently conducted research by Kaspersky indicates an alarming rise in cyberattacks using exploits against Linux systems. Data from Kaspersky
32.Lock Code Circular Esm H170
1 - 2 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
19.Laptop Bed Esm H170
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw enabling remote attackers to execute arbitrary
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2). These vulnerabilities
28.Lock Globe Esm H170
2 - 3 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved