Packages
- libxml2 -
Details
It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document,
a remote attacker could execute arbitrary code with user privileges
or cause the application linked against libxml2 to crash, leading to a
denial of service. (CVE-2008-3529)
USN-640-1 fixed vulnerabilities in libxml2. When processing extremely
large XML documents with valid entities, it was possible to incorrectly
trigger the newly added vulnerability protections. This update fixes
the problem. (CVE-2008-3281)
It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document,
a remote attacker could execute arbitrary code with user privileges
or cause the application linked against libxml2 to crash, leading to a
denial of service. (CVE-2008-3529)
USN-640-1 fixed vulnerabilities in libxml2. When processing extremely
large XML documents with valid entities, it was possible to incorrectly
trigger the newly added vulnerability protections. This update fixes
the problem. (CVE-2008-3281)
Update instructions
In general, a standard system upgrade is sufficient to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
8.04 hardy | libxml2 – 2.6.31.dfsg-2ubuntu1.2 | ||
7.10 gutsy | libxml2 – 2.6.30.dfsg-2ubuntu1.3 | ||
7.04 feisty | libxml2 – 2.6.27.dfsg-1ubuntu3.3 | ||
6.06 dapper | libxml2 – 2.6.24.dfsg-1ubuntu1.3 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.