drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libxml2 (Aktualisierung)
Name: |
Ausführen beliebiger Kommandos in libxml2 (Aktualisierung) |
|
ID: |
USN-6658-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro) |
|
Datum: |
Mo, 11. März 2024, 23:10 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062 |
|
Applikationen: |
libxml2 |
|
Update von: |
Ausführen beliebiger Kommandos in libxml2 |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3213540836432102732== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------5lToba0Wnh81YhvaCjyywOdK"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------5lToba0Wnh81YhvaCjyywOdK Content-Type: multipart/mixed; boundary="------------p6TBbeZfChAVpQjrfo0xVBkw"; protected-headers="v1" From: Ian Constantin <ian.constantin@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <9845665a-b5c4-46a7-b0d0-1e1a0059ca90@canonical.com> Subject: [USN-6658-2] libxml2 vulnerability
--------------p6TBbeZfChAVpQjrfo0xVBkw Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6658-2 March 11, 2024
libxml2 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
libxml2 could be made to crash or run programs if it opened a specially crafted file.
Software Description: - libxml2: GNOME XML library
Details:
USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libxml2 2.9.4+dfsg1-6.1ubuntu1.9+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libxml2 2.9.3+dfsg1-1ubuntu0.7+esm6
Ubuntu 14.04 LTS (Available with Ubuntu Pro): libxml2 2.9.1+dfsg1-3ubuntu4.13+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6658-2 https://ubuntu.com/security/notices/USN-6658-1 CVE-2024-25062
--------------p6TBbeZfChAVpQjrfo0xVBkw--
--------------5lToba0Wnh81YhvaCjyywOdK Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmXvYg0FAwAAAAAACgkQa1+PL+d1/EgM bQv+Lq3H7e7A3D+SIYe7R5LU22r9Pta7MTv6HQKYO44nlvdVhL5l4OiwQYVZHsz1VJkcd5CUEZS3 uDuUdZ4jLidsoPaLSY4n88lrC+AA4sP0/aXHLr7+FEFiQrLPy+6rlE0Ox1JGeQcOkdIHZspuqKuf AjfYnFH/jLo7Gev0xIZ7hz6ZMcKIeZzh5HPHYxUzTe6a1jtpO7pzKfe6KOA0Lz8HrH8AtegxTl59 PsUb4/yWPatBUiSLJkjn6OM8YT4LT1gwLBzgbY9JCfdRgs3hbnsz5Qwu0FsulnLeSNaE6IHX5ITX ijlPlBSF+qHnra+L4BwaxN97uS0n/UXWPYGRM4yXuPEuZYL9BxJse3Sq1vOQ458AWOU+bKiIaU+z x/x7GFHwpBwdlnGYnRW403uRs8zJ8Oed32MDsgotHbGZbHKv/xeXvAXeM4v+zz8YdJaCY5QZYnXi GtRWpR0IBvY13uqfb5RKH0CCTTTY4NJyAXAUwcX1Wf3zvdl5k+v9Hoy9kltj =8LPl -----END PGP SIGNATURE-----
--------------5lToba0Wnh81YhvaCjyywOdK--
--===============3213540836432102732== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3213540836432102732==--
|
|
|
|