Ubuntu Security Notice USN-3504-1

Ubuntu Security Notice USN-3504-1: Posted Dec 5, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3504-1 - Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2017-16932; SHA-256 | 2d7133902f073433cd35586f29033e49d7a38a7defd8701eaf17ac23e034f979; Download | Favorite | View

Ubuntu Security Notice USN-3504-1

==========================================================================
Ubuntu Security Notice USN-3504-1
December 05, 2017

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

libxml2 could be made to crash if it opened a specially crafted
file.

Software Description:
- libxml2: GNOME XML library

Details:

Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libxml2                         2.9.4+dfsg1-4ubuntu1.1
  libxml2-utils                   2.9.4+dfsg1-4ubuntu1.1
  python-libxml2                  2.9.4+dfsg1-4ubuntu1.1
  python3-libxml2                 2.9.4+dfsg1-4ubuntu1.1

Ubuntu 17.04:
  libxml2                         2.9.4+dfsg1-2.2ubuntu0.2
  libxml2-utils                   2.9.4+dfsg1-2.2ubuntu0.2
  python-libxml2                  2.9.4+dfsg1-2.2ubuntu0.2
  python3-libxml2                 2.9.4+dfsg1-2.2ubuntu0.2

Ubuntu 16.04 LTS:
  libxml2                         2.9.3+dfsg1-1ubuntu0.4
  libxml2-utils                   2.9.3+dfsg1-1ubuntu0.4
  python-libxml2                  2.9.3+dfsg1-1ubuntu0.4

Ubuntu 14.04 LTS:
  libxml2                         2.9.1+dfsg1-3ubuntu4.11
  libxml2-utils                   2.9.1+dfsg1-3ubuntu4.11
  python-libxml2                  2.9.1+dfsg1-3ubuntu4.11

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3504-1
  CVE-2017-16932

Package Information:
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2.2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.11

Top Authors In Last 30 Days

Red Hat 278 files
Ubuntu 57 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Adam Gowdiak 4 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,630)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,779)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,501)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Ubuntu Security Notice USN-3504-1

Ubuntu Security Notice USN-3504-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-3504-1

Share This

Ubuntu Security Notice USN-3504-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems