Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 21.04 USN-4991-1 Important: libxml2 Denial Of Service Vulnerability

ubuntu
Calendar Grey June 17, 2021
Dist Ubuntu Esm H88
Multiple vulnerabilities addressed in libxml2 spanning various Ubuntu editions. Update to the most recent versions for enhanced security.
Several security issues were fixed in libxml2.

Summary

Several security issues were fixed in libxml2.

Software Description:

- libxml2: GNOME XML library

Details:

Yunho Kim discovered that libxml2 incorrectly handled certain error

conditions. A remote attacker could exploit this with a crafted XML file to

cause a denial of service, or possibly cause libxml2 to expose sensitive

information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04

ESM. (CVE-2017-8872)

Zhipeng Xie discovered that libxml2 incorrectly handled certain XML

schemas. A remote attacker could possibly use this issue to cause a denial

of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,

and Ubuntu 18.04 LTS. (CVE-2019-20388)

It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A

remote attacker could possibly exploit this with a crafted XML file to

cause libxml2 to crash, resulting in a denial of service. This issue only

affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04

LTS and Ubuntu 20.10. (...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libxml2                         2.9.10+dfsg-6.3ubuntu0.1
  libxml2-utils                   2.9.10+dfsg-6.3ubuntu0.1

Ubuntu 20.10:
  libxml2                         2.9.10+dfsg-5ubuntu0.20.10.2
  libxml2-utils                   2.9.10+dfsg-5ubuntu0.20.10.2

Ubuntu 20.04 LTS:
  libxml2                         2.9.10+dfsg-5ubuntu0.20.04.1
  libxml2-utils                   2.9.10+dfsg-5ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  libxml2                         2.9.4+dfsg1-6.1ubuntu1.4
  libxml2-utils                   2.9.4+dfsg1-6.1ubuntu1.4

Ubuntu 16.04 ESM:
  libxml2                         2.9.3+dfsg1-1ubuntu0.7+esm1
  libxml2-utils                   2.9.3+dfsg1-1ubuntu0.7+esm1

Ubuntu 14.04 ESM:
  libxml2                         2.9.1+dfsg1-3ubuntu4.13+esm2
  libxml2-utils                   2.9.1+dfsg1-3ubuntu4.13+esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4991-1

  CVE-2017-8872, CVE-2019-20388, CVE-2020-24977, CVE-2021-3516,

  CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541

Severity
important
Lowest
Low
Medium
High
Critical

June 17, 2021

Package Information

  https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-6.3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.10.2
  https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here