Denial of Service in libxml2
ID: | USN-1376-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
Datum: | Di, 28. Februar 2012, 06:34 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841 |
Applikationen: | libxml2 |
Originalnachricht |
|
--===============6654079222780701104== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-oavf7AxF0rqhTZdsuxtk" --=-oavf7AxF0rqhTZdsuxtk Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1376-1 February 27, 2012 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: libxml2 could be made to cause a denial of service by consuming excessive CPU resources. Software Description: - libxml2: GNOME XML library Details: Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.2 Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.3 Ubuntu 10.10: libxml2 2.7.7.dfsg-4ubuntu0.4 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.4 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.8 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1376-1 CVE-2012-0841 Package Information: https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.2 https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.3 https://launchpad.net/ubuntu/+source/libxml2/2.7.7.dfsg-4ubuntu0.4 https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.4 https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.8 --Øavf7AxF0rqhTZdsuxtk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCgAGBQJPTBawAAoJEFHb3FjMVZVzYhoP/2F0jR9WIBxAnlyvHl9e208U IwgYTalQwHGm1R6JPUFlloe+9ibAbIVYgBcEAtNzG7clHIWTNcP0bYJG2yj9iu3x 3CsDIGGDpel84f5YqGeGVC3Nh9HRd9Pm/5R3FQE1HlYGYTIav4bTope25Syz2nP1 UtAfoKrUTvlORA1jPMVjo2FI8m453ZucD12DVF0QstCiUUId9dFgTooiVuCnM4ci GiC83NhR9eRfr5OMAKWyBhEpcmbbIEs2Y5XdGK4Ai8ubnj+9qrd2qCsKAHhKQHld Vu5MPCAPk5c3Gnw/cmyj5DjdwebTq1otvkjiGvujw6pwRO5CxYj6nDuvmeoWJdpq 1gznEAJ/Uop1aPRE9gM3rZAujRTIw1pj+KFCgQ3lrFejk+u0D2ziCJYh47W2vveS fkCcCVxFQGGPeEvgGCD9FzlQ1aAONKXQvl2/rtWfITjUJjODJkdL327t2uk7raBY 466E0QXyowLclF1cBOUQFpUYLVRRRWkY7zOiLaYxLuCawOI81ExsB1iJr/HMFuXD J91DbYKcDAKemP5H1h+rU1VObMMydmZSTCKXTzno2etonrfJnf3id4nBrNdCTRUu tvyPx56VfFV6LqdI+RoYZbgUAO3HMrAEdn2ITkeNzs9I9PNvihjmeDOu6R2y6Mby 6Qae6Q7gfOiL7oSZasRx =yuAq -----END PGP SIGNATURE----- --=-oavf7AxF0rqhTZdsuxtk-- --===============6654079222780701104== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============6654079222780701104==-- |