Security: Denial of Service in XML-RPC (Update)
Name: Denial of Service in XML-RPC (Update)
ID: USN-1527-2
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Tue, 11 September 2012, 10:35
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
Applications: xmlrpc-c
Update of: Two problems in expat

Original message
==========================================================================
Ubuntu Security Notice USN-1527-2
September 10, 2012

xmlrpc-c vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
XML-RPC for C and C++ could be made to cause a denial of service by consuming excessive CPU and memory resources.
Software Description:
- xmlrpc-c: Lightweight RPC library based on XML and HTTP
Details:
USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS.
Original advisory details:
It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)

Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libxmlrpc-core-c3 1.16.33-3.1ubuntu5.1
Ubuntu 11.10: libxmlrpc-core-c3-0 1.16.32-0ubuntu4.1
Ubuntu 11.04: libxmlrpc-core-c3-0 1.16.32-0ubuntu3.1
Ubuntu 10.04 LTS: libxmlrpc-core-c3 1.06.27-1ubuntu7.1
After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes.
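One way to find the processes that still need the restart described above, given as an added example that is not part of the advisory: after the package upgrade, a process started earlier keeps mapping the replaced library file, which Linux marks with "(deleted)" in /proc/<pid>/maps. The file-name pattern (names beginning with "libxmlrpc") is an assumption, and the sample maps lines are constructed.

```python
import glob
import re

# Assumption: xmlrpc-c shared objects have file names starting with "libxmlrpc".
LIB_PATTERN = re.compile(r"/(libxmlrpc[^/\s]*\.so[^/\s]*)$")
DELETED = " (deleted)"  # suffix the kernel appends once the mapped file is unlinked

def stale_libs(maps_text):
    """Return xmlrpc-c libraries still mapped from a file replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping without a pathname
        path = fields[5].strip()
        if path.endswith(DELETED):
            match = LIB_PATTERN.search(path[:-len(DELETED)])
            if match:
                stale.add(match.group(1))
    return stale

def needs_restart(maps_by_pid):
    """Return {pid: sorted stale library names} for processes to restart."""
    found = {pid: sorted(stale_libs(text)) for pid, text in maps_by_pid.items()}
    return {pid: libs for pid, libs in found.items() if libs}

def read_live_maps():
    """Read /proc/<pid>/maps for every process this user may inspect (Linux)."""
    maps = {}
    for path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(path, errors="replace") as handle:
                maps[int(path.split("/")[2])] = handle.read()
        except OSError:
            continue  # process exited or access denied
    return maps

# Constructed sample: pid 812 predates the upgrade, pid 4410 started after it.
SAMPLE = {
    812: "7f3a1c000000-7f3a1c012000 r-xp 00000000 08:01 393301 "
         "/usr/lib/libxmlrpc.so.3.16 (deleted)\n"
         "7f3a1c400000-7f3a1c5b5000 r-xp 00000000 08:01 131122 /lib/libc-2.15.so\n",
    4410: "7f9b20000000-7f9b20012000 r-xp 00000000 08:01 393377 "
          "/usr/lib/libxmlrpc.so.3.16\n"
          "7f9b20200000-7f9b20221000 rw-p 00000000 00:00 0\n",
}

if __name__ == "__main__":
    print("sample:", needs_restart(SAMPLE))
    print("live:  ", needs_restart(read_live_maps()))
```

Run it as root to see every process; an unprivileged user can only read the maps of their own processes.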
References:
http://www.ubuntu.com/usn/usn-1527-2
http://www.ubuntu.com/usn/usn-1527-1
CVE-2012-0876, CVE-2012-1148

Package Information:
https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.1
https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.32-0ubuntu4.1
https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.32-0ubuntu3.1
https://launchpad.net/ubuntu/+source/xmlrpc-c/1.06.27-1ubuntu7.1