Sicherheit: Zwei Probleme in libxml2

Lesezeichen hinzufügen

--===============5556178762987539165==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="4Ckj6UjgE2iN1+kY"
Content-Disposition: inline

--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5422-1
May 16, 2022

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

Shinji Sato discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-29824)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libxml2 2.9.13+dfsg-1ubuntu0.1
libxml2-utils 2.9.13+dfsg-1ubuntu0.1

Ubuntu 21.10:
libxml2 2.9.12+dfsg-4ubuntu0.2
libxml2-utils 2.9.12+dfsg-4ubuntu0.2

Ubuntu 20.04 LTS:
libxml2 2.9.10+dfsg-5ubuntu0.20.04.3
libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.3

Ubuntu 18.04 LTS:
libxml2 2.9.4+dfsg1-6.1ubuntu1.6
libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.6

Ubuntu 16.04 ESM:
libxml2 2.9.3+dfsg1-1ubuntu0.7+esm2
libxml2-utils 2.9.3+dfsg1-1ubuntu0.7+esm2

Ubuntu 14.04 ESM:
libxml2 2.9.1+dfsg1-3ubuntu4.13+esm3
libxml2-utils 2.9.1+dfsg1-3ubuntu4.13+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5422-1
CVE-2022-23308, CVE-2022-29824

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml2/2.9.12+dfsg-4ubuntu0.2
https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.3
https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.6

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmKCoZ0ACgkQRbznW4QL
H2lgxA//bva/uhYhPzKmzkvwUNCXUR9GThl0jsY2JsNbyvd/NSBgalH/bUvUMckW
ypc5Qdz5rrxqJbqAYuLJ88+ngac+poTXQ6pwSjarr3V+jqAGU/zGQBUE/vtbZ7P+
MdeMx2nloGqcfINQJrAJp7uZOkkcoja7X4sgOfabIvJIBZv56qxYuqUGULT8VtdG
F89O0Fsm0Z+/Zy+cf+a6GALYuEZUo5QMkAPxqB5U68Tr1unqh+ajmEb9fMlJXlMW
XRDt3ryWLIcOlSU4I0ALCYK5TF2gThObm/RYP7j2gGWXBrvbMWA3fKY2i8J6Qvz0
JvAf7vZOqa5wUXEBcqyiwSv4Ry4YPfKhs7vk7wiigslNrJ0bBM07XNkXQiWjJVBV
uw9ScdBB2ZUQOidx7C1hFis498s+AY0VdQl/9+FfI1PdXbu4eirQwNoeK6uDFxvv
/9tv8ks8i+0LDJrOgZ0+lMstQPnx4Uq/ufF5/zyC3xoQD330VnU/qQ1dYpJBGhnZ
L+9F6k1kbKR/gyub/9fqN+VtSXkh0tjz23vI4YZE88QZKtktMeBKCmE2zlNww9Pq
ZwaWrXOG7Luc0hPu7C4QrpG6dfjgSA4vMfCte0kmmNc4t7oLscOn/G5K5AIkskrk
5VMaAotYBaDwdcGPJEQVYD6MMxkaWG5jyYS78cgwQoaiqpxHxhA=
=aZD1
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--

--===============5556178762987539165==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--===============5556178762987539165==--