Packages
- libxml2 -
Details
It was discovered that libxml2 did not correctly handle root XML document
element DTD definitions. If a user were tricked into processing a specially
crafted XML document, a remote attacker could cause the application linked
against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)
It was discovered that libxml2 did not correctly parse Notation and
Enumeration attribute types. If a user were tricked into processing a
specially crafted XML document, a remote attacker could cause the
application linked against libxml2 to crash, leading to a denial of
service. (CVE-2009-2416)
USN-644-1 fixed a vulnerability in libxml2. This advisory provides the
corresponding update for Ubuntu 9.04.
Original advisory details:
It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a...
It was discovered that libxml2 did not correctly handle root XML document
element DTD definitions. If a user were tricked into processing a specially
crafted XML document, a remote attacker could cause the application linked
against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)
It was discovered that libxml2 did not correctly parse Notation and
Enumeration attribute types. If a user were tricked into processing a
specially crafted XML document, a remote attacker could cause the
application linked against libxml2 to crash, leading to a denial of
service. (CVE-2009-2416)
USN-644-1 fixed a vulnerability in libxml2. This advisory provides the
corresponding update for Ubuntu 9.04.
Original advisory details:
It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document, a
remote attacker could execute arbitrary code with user privileges or cause
the application linked against libxml2 to crash, leading to a denial of
service. (CVE-2008-3529)
Update instructions
After a standard system upgrade you need to restart your sessions to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 9.04 jaunty | libxml2 – 2.6.32.dfsg-5ubuntu4.2 | ||
| 8.10 intrepid | libxml2 – 2.6.32.dfsg-4ubuntu1.2 | ||
| 8.04 hardy | libxml2 – 2.6.31.dfsg-2ubuntu1.4 | ||
| 6.06 dapper | libxml2 – 2.6.24.dfsg-1ubuntu1.5 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.