-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1631-2 security@debian.org http://www.debian.org/security/ Steve Kemp August 26, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxml2 Vulnerability : denial of service Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-3281 The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported scurity problem. For reference the text of the previous security announcement follows: Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted. For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-4. For the unstable distribution (sid), this problem has been fixed in version 2.6.32.dfsg-3. We recommend that you upgrade your libxml2 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4.dsc Size/MD5 checksum: 893 71d8dbd9fb4d082a273289513941da33 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4.diff.gz Size/MD5 checksum: 145887 5579bcc5d4fb2e33789853d826e265a3 Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-4_all.deb Size/MD5 checksum: 1328140 adb1d2d477eacbaf8347aa50eac782bb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_alpha.deb Size/MD5 checksum: 820516 31ef1df11042703555ae2be4cd070d77 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_alpha.deb Size/MD5 checksum: 881632 3ed598806d32756af480a32db50d29bb http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_alpha.deb Size/MD5 checksum: 184762 9dcde3e1f90ff7dfc42b2c8ce0c0e24e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_alpha.deb Size/MD5 checksum: 916300 ed1c5f1efa3dc141d5d4c79820bfef3c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_alpha.deb Size/MD5 checksum: 37978 47fe74c3d93abc8e596d836ef4eb8fcb amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_amd64.deb Size/MD5 checksum: 184120 58ab6cccdd5484e4bfcf4b6dd27c9e00 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_amd64.deb Size/MD5 checksum: 36680 dd0b6f7984f011ae92bd7e09bf83f02f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_amd64.deb Size/MD5 checksum: 795770 4063d07d3876bfbc3f6fcf19e5cafb4a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_amd64.deb Size/MD5 checksum: 891790 b727f5ae98ce30abe97a1fba3ac40d38 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_amd64.deb Size/MD5 checksum: 745276 5af9ee2e1337339b2e892fedba428e3c arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_arm.deb Size/MD5 checksum: 165294 ad35b56851b1593e360b686ecfec65fc http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_arm.deb Size/MD5 checksum: 672778 b08822852ad4599685c9dc3188373c4d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_arm.deb Size/MD5 checksum: 741398 47071e65bd39d46da2671a307254ae1e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_arm.deb Size/MD5 checksum: 816988 f52a68650d018f67aab33ae26d5dd143 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_arm.deb Size/MD5 checksum: 34672 a936724e14d1319ca9a79a0f3711d250 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_hppa.deb Size/MD5 checksum: 192854 81a84d2b04ad199969eff68a5132850e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_hppa.deb Size/MD5 checksum: 36858 2473f5535d88f7f15d5828896384c40a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_hppa.deb Size/MD5 checksum: 849856 99c8f064ed4f2eaad000bb5069ef302e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_hppa.deb Size/MD5 checksum: 863750 e830ea5314f70dee660743fc1c9b158d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_hppa.deb Size/MD5 checksum: 858008 4fea504a87f852497df6288315275ccf i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_i386.deb Size/MD5 checksum: 681202 30924287393f6c3be0cabd7459233384 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_i386.deb Size/MD5 checksum: 755716 8d5a4b27d85883876fb6a801b81e4a22 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_i386.deb Size/MD5 checksum: 169028 e888a4121857a3e71a2e7fa45a047571 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_i386.deb Size/MD5 checksum: 34496 53a91e24ea34079fe292b4fab6b2896b http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_i386.deb Size/MD5 checksum: 857040 8b37acacabb9d85ab8992d5426f28c82 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_ia64.deb Size/MD5 checksum: 1105708 88c594f73ceaaca62dfa28274bd31fe9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_ia64.deb Size/MD5 checksum: 1079688 f2a9fa0eb94dcdb5175111f6b3359bc9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_ia64.deb Size/MD5 checksum: 873912 c7ba5c84b4972aa287c2d27a0427864e http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_ia64.deb Size/MD5 checksum: 196530 5ee6abed0af70043dbdc76f4d4623fe9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_ia64.deb Size/MD5 checksum: 48498 f868a6d64cb5bdb14bdcf97e8aa0dd1e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-3_mips.deb Size/MD5 checksum: 171664 355f77c5275a13f3eb83527068cff621 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-3_mips.deb Size/MD5 checksum: 769486 cfa1b956ceb1e04ecbd9509df27dfa6a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_mips.deb Size/MD5 checksum: 34426 91378abe49acd1892f74cb46ade696e1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-3_mips.deb Size/MD5 checksum: 926324 05a3b536190e243ab38ab8be3dc0b2e1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-3_mips.deb Size/MD5 checksum: 839986 e125b22dd4493e44127569c0c6c2a123 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_mips.deb Size/MD5 checksum: 840028 454d30d21466c6991d36709d545bb616 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_mips.deb Size/MD5 checksum: 769770 a9fdc081287daeac42162ce1a2175ab4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-3_mips.deb Size/MD5 checksum: 34426 dbc7089955d66008c4f5cf83dc9b99d1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_mips.deb Size/MD5 checksum: 926092 7eb78aa1b849416a958e1348af488859 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_mips.deb Size/MD5 checksum: 171672 27c5bdf91c1d4b60968907e1b62cca4d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_mipsel.deb Size/MD5 checksum: 832738 a6de09f65ab37e850751d97829cc6617 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_mipsel.deb Size/MD5 checksum: 168694 2f29cc087add99df4f6ab916a9926811 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_mipsel.deb Size/MD5 checksum: 897444 867b3e92f1a42f0bc65f7238ce560f46 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_mipsel.deb Size/MD5 checksum: 768592 cb9819c21c8e6b030f9859db384c57aa http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_mipsel.deb Size/MD5 checksum: 34402 ab51ba73d01bcd7565a3484f2f0773b4 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_powerpc.deb Size/MD5 checksum: 37664 44817ba18e1cbef8bb632931619799b8 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_powerpc.deb Size/MD5 checksum: 897608 ace5c9edc38cf6a827c2a3bdd8f148d2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_powerpc.deb Size/MD5 checksum: 779646 d9a1addfd80b91de74d135ae721f2289 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_powerpc.deb Size/MD5 checksum: 770646 aea60a0c32642ff21a7b4df0a8cf718f http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_powerpc.deb Size/MD5 checksum: 172734 4777957bb08a5078eaa157fb1137198d s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_s390.deb Size/MD5 checksum: 805482 3a09ab61016672208e30a5e217305f1a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_s390.deb Size/MD5 checksum: 749824 9277f1e383f35050030bc4d22cf6c835 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_s390.deb Size/MD5 checksum: 185726 03cd09eb4a14e6905211421ed425df4e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_s390.deb Size/MD5 checksum: 884934 80a368f56c164922488988957898b702 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_s390.deb Size/MD5 checksum: 36372 d1e9cb343470264435e5fb6642f2ca3f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_sparc.deb Size/MD5 checksum: 712810 804bcef65cec53bb7b801fc15736c435 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_sparc.deb Size/MD5 checksum: 759322 42dc3f7722459a697efad99eadbe357e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_sparc.deb Size/MD5 checksum: 781040 4f066aa412fd8c29e9780d8d0a690ccd http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_sparc.deb Size/MD5 checksum: 34576 ad057148379fcd1ca730e17fd2d4cf00 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_sparc.deb Size/MD5 checksum: 176872 49f013c4d6097a188d85c80edcda1ced These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFItEK6wM/Gs81MDZ0RAmbkAKCLssK/lsN+yKcYnfKm1qSNme8wQQCfRen2 kIpqRbjJBLr7yInFLT4S5Oo= =LFMV -----END PGP SIGNATURE-----