Sicherheit: Denial of Service in libxml2 (Aktualisierung)

Lesezeichen hinzufügen

--===============7782651669174994212==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-N5MYw01IfKuwljeed6Tr"

--=-N5MYw01IfKuwljeed6Tr
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3504-2
December 05, 2017

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

curl could be made to crash if it received specially crafted
input.

Software Description:
- libxml2: GNOME XML library

Details:

USN-3504-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
libxml2 2.7.8.dfsg-5.1ubuntu4.19
libxml2-utils 2.7.8.dfsg-5.1ubuntu4.19
python-libxml2 2.7.8.dfsg-5.1ubuntu4.19

In general, a standard system update will make all the necessary
changes.

References:
https://www.ubuntu.com/usn/usn-3504-2
https://www.ubuntu.com/usn/usn-3504-1
CVE-2017-16932

--=-N5MYw01IfKuwljeed6Tr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJaJrA9AAoJEEW851uECx9p7zoQAI6hYhOPGJufbfru7ST+JBcC
2sll7Wr/ejLmX811yFOo49X7WD+H+1vvTTTnSpkbNjqVOKA9Y1tZIP7XFkrJyOBE
kzTs+sqFHO2Eiu58B0xuMFTF27EKcyAdr/fjdacJ0qDV+Zx45cIAoKCfcx7C6X8x
ie1eLMDx1Mc/DRkIcLCzHjuZG/f9SxGUW5H2Y/Rb2VJUYwPfrChMjJ+EMSYX/56+
gZqodSJ/LG60fD7F2E36opGrWAa80WN6/KPdBXVZvo/GS1MbejbjeHbiRsV9SrXl
iRp8lViWJ7mAy+ch9PeadDU7a1EzC6nweEnjX4m0tZjyxqtf5LqumACCBDc63o/a
hc42DqhaRxaqC3KVgZOIFMJOewJewryocPMpI7uA+DkXkAAPcJPy8XpfCOgBtj/t
2sIVV6wFWO5nxSbx4esRmzrgF0bw8SmkERT41zJ8R9Q/iadv4Ke8uh01ibyiav05
ns1u+GmKa3aBUC37z+5ZQNPlq3U8aeiTgxmSGQf27xQVSUKFJUwlObjTABDlj5tl
WXgi/dEZWjoFtTL14P+aTnCKBX7ytchkPK0jtgvPkeuiXwyvcSuln5peQV7ijDT+
UlVylbGTRnFALcn5TTeW3XfwQ2JkxD7DHZC4ryhZlTEU8xHjF0hr+/J346BMQ+VV
/w7Rhydkzv8X72ynBNAL
=Hukv
-----END PGP SIGNATURE-----

--=-N5MYw01IfKuwljeed6Tr--

--===============7782651669174994212==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7782651669174994212==--