=========================================================== Ubuntu Security Notice USN-10-1 October 28, 2004 XML library vulnerabilities CAN-2004-0981 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libxml2 The problem can be corrected by upgrading the affected package to version 2.6.11-3ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several buffer overflows have been discovered in libxml2's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml2. Since libxml2 is used in packages like php4-imagick, the vulnerability also might lead to privilege escalation, like executing attacker supplied code with a web server's privileges. However, this does not affect the core XML parsing code, which is what the majority of programs use this library for. Source archives: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11-3ubuntu1.1.diff.gz Size/MD5: 81651 eae051ac1100f886cbd8283edf8e5607 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11-3ubuntu1.1.dsc Size/MD5: 789 918f6210e51f5bc9832ae6c0a1b9b01c http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11.orig.tar.gz Size/MD5: 3693599 c391173a26ec7c2ac702b54d06420fdb Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-doc_2.6.11-3ubuntu1.1_all.deb Size/MD5: 982544 841f55ccc2187805a18e58f13c38a326 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.11-3ubuntu1.1_amd64.deb Size/MD5: 1329748 de1f602df0902fdbe933a9642b8a8c69 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-python2.3_2.6.11-3ubuntu1.1_amd64.deb Size/MD5: 489060 f1e515cb1c197e5e560940e235a6a25b http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.11-3ubuntu1.1_amd64.deb Size/MD5: 257016 62c9834d6c4f9f24bc5d8fe95c06a6d3 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11-3ubuntu1.1_amd64.deb Size/MD5: 672770 7723dbd0c5766dd5ac665b8a136ae424 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.11-3ubuntu1.1_i386.deb Size/MD5: 1255242 825d79ae6985fb4b802647f092e9b054 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-python2.3_2.6.11-3ubuntu1.1_i386.deb Size/MD5: 458560 8b1dd60cfadcf398d738747f4c0bc2c7 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.11-3ubuntu1.1_i386.deb Size/MD5: 254420 e98777bd621906359d84d186102ad91b http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11-3ubuntu1.1_i386.deb Size/MD5: 629992 f5cfca49f3212efaaf58d226ad4bc688 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-dev_2.6.11-3ubuntu1.1_powerpc.deb Size/MD5: 1416378 ec8500e62980b717e0acfe72a0898770 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-python2.3_2.6.11-3ubuntu1.1_powerpc.deb Size/MD5: 484820 ae0eb37b289128fb64ccf69120437424 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2-utils_2.6.11-3ubuntu1.1_powerpc.deb Size/MD5: 258252 c605662898a320d67bca0fe082a64110 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.6.11-3ubuntu1.1_powerpc.deb Size/MD5: 675066 5f9ce27c76c23031b25239b3d3607d71
Attachment:
signature.asc
Description: Digital signature