drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libxml2
Name: |
Mehrere Probleme in libxml2 |
|
ID: |
USN-3235-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10 |
|
Datum: |
Do, 16. März 2017, 15:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 |
|
Applikationen: |
libxml2 |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3154680995290692198== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="venT8rJJeodNF0Ql7cJSqeOECgc6npHId"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --venT8rJJeodNF0Ql7cJSqeOECgc6npHId Content-Type: multipart/mixed; boundary="8FBVLBaiHEBPTOcqfLh2LFruFaDwGvw9v" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <b8679c64-c914-6fe7-8da0-528ec1a2bcd9@canonical.com> Subject: [USN-3235-1] libxml2 vulnerabilities
--8FBVLBaiHEBPTOcqfLh2LFruFaDwGvw9v Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3235-1 March 16, 2017
libxml2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2.
Software Description: - libxml2: GNOME XML library
Details:
It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)
It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4658)
Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5131)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: libxml2 2.9.4+dfsg1-2ubuntu0.1
Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.2
Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.9
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.17
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3235-1 CVE-2016-4448, CVE-2016-4658, CVE-2016-5131
Package Information: https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.2 https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.9 https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.17
--8FBVLBaiHEBPTOcqfLh2LFruFaDwGvw9v--
--venT8rJJeodNF0Ql7cJSqeOECgc6npHId Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJYyn59AAoJEGVp2FWnRL6TVrgQAKpa+/Kqf1JZE12YKuwTsYji Vto7YaTyzqSzlE1BpULahQ4OZ8o+0NEg/WroGH7C2pA0cnRIiX8n0Pd+T1BV/ctA U83+D8Zd9zMB5N4dEjD+1cMpMBxLMdgxcZadkfZQCbvPnv82MOvmocnUaB+F5Knn 2hfQiixRoFbTLjg8YJiWzOKyVknPRRlyBOs1eOyUZAvpxdOR/YKAH4yPn/yQATHT bjVJVzRi1MKf6pzeLs02CBUgM4V44lmsIiAfOXS/T3zk+rvyKUJ6HvZWpX/Wdstl uQYxUf3ZYYEdUkk8XxmQUKG3xMmL3djEe/QiLA/NXE25koBvXamMGOUbtgKke2aE N093qiabw4084Dz1NNSwkLl6FGo8GJMGZlh8SkAocbqF++DMA9bFH9rcVIFtbSJx 5LUo3PQDTE8kzeH+ymsjHDGXpWvGc9ZhGiosTUa15LL5qJhyC2Tb+m4BNWe6lGYT TAfRNKU7tbKV1PnyM2IPGQTYkkkzRldnlL7Y6JvtQw8pUHj18mqemIdYxN6NqqCl A69ajd+vPEAgBPnUvLIjZcdPkmJhoKTDYuZS7AwvDOPpEdexSohM/MGb9QYDNXIi uXjhYX28bEBRruPQqR93pC9kIDI0N+gKM5vIitbStn3vG5wNfYvFkTRIDCIbOgT1 ccDUNEVAzhLgtqU4xCue =rs5Z -----END PGP SIGNATURE-----
--venT8rJJeodNF0Ql7cJSqeOECgc6npHId--
--===============3154680995290692198== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3154680995290692198==--
|
|
|
|