==========================================================
Ubuntu Security Notice USN-815-1            August 11, 2009
libxml2 vulnerabilities
CVE-2008-3529, CVE-2009-2414, CVE-2009-2416
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxml2                         2.6.24.dfsg-1ubuntu1.5

Ubuntu 8.04 LTS:
  libxml2                         2.6.31.dfsg-2ubuntu1.4

Ubuntu 8.10:
  libxml2                         2.6.32.dfsg-4ubuntu1.2

Ubuntu 9.04:
  libxml2                         2.6.32.dfsg-5ubuntu4.2

After a standard system upgrade you need to restart your sessions to effect
the necessary changes.
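
The restart is needed because processes started before the upgrade keep the old library mapped. The following added example (not part of the original advisory) finds such processes by looking for libxml2 mappings marked "(deleted)" in /proc/<pid>/maps; the function names and the sample maps text are constructed for illustration.

```python
import glob
import os
import re

# Constructed sample of /proc/<pid>/maps content for a process that was
# started before the upgrade; paths and addresses are illustrative only.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/xmllint
7f10a0000000-7f10a0150000 r-xp 00000000 08:01 5678 /usr/lib/libxml2.so.2.6.32 (deleted)
7f10a0350000-7f10a0358000 rw-p 00150000 08:01 5678 /usr/lib/libxml2.so.2.6.32 (deleted)
7f10a1000000-7f10a1020000 r-xp 00000000 08:01 9012 /lib/libc-2.9.so
7f10a2000000-7f10a2001000 rw-p 00000000 00:00 0
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
"""

DELETED = " (deleted)"

def stale_libxml2(maps_text):
    """Return libxml2 shared objects that are still mapped but replaced on disk."""
    hits = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname (pathname is optional).
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        path = fields[5]
        if path.endswith(DELETED) and re.search(r"/libxml2\.so[.\d]*", path):
            hits.add(path[:-len(DELETED)])
    return sorted(hits)

def scan_proc(root="/proc"):
    """Map PID -> stale libxml2 paths for every readable process under root."""
    result = {}
    for maps in glob.glob(os.path.join(root, "[0-9]*", "maps")):
        try:
            with open(maps) as fh:
                found = stale_libxml2(fh.read())
        except OSError:
            continue  # process exited or its maps file is not readable
        if found:
            result[int(maps.split(os.sep)[-2])] = found
    return result

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run it as root to see every process; any PID it reports is still executing the pre-upgrade library code until that process is restarted.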

Details follow:

It was discovered that libxml2 did not correctly handle root XML document
element DTD definitions. If a user were tricked into processing a specially
crafted XML document, a remote attacker could cause the application linked
against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)

It was discovered that libxml2 did not correctly parse Notation and
Enumeration attribute types. If a user were tricked into processing a
specially crafted XML document, a remote attacker could cause the
application linked against libxml2 to crash, leading to a denial of
service. (CVE-2009-2416)

USN-644-1 fixed a vulnerability in libxml2. This advisory provides the
corresponding update for Ubuntu 9.04.

Original advisory details:

 It was discovered that libxml2 did not correctly handle long entity names.
 If a user were tricked into processing a specially crafted XML document, a
 remote attacker could execute arbitrary code with user privileges or cause
 the application linked against libxml2 to crash, leading to a denial of
 service. (CVE-2008-3529)




