Ubuntu Security Notice USN-1016-1
10th November, 2010
libxml2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary
libxml2 could be made to crash or run programs as your login if it opened a specially crafted file.
Software description
- libxml2 - GNOME XML library
Details
Bui Quang Minh discovered that libxml2 did not properly process XPath
namespaces and attributes. If an application using libxml2 opened a
specially crafted XML file, an attacker could cause a denial of service or
possibly execute code as the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.10:
- libxml2 2.7.7.dfsg-4ubuntu0.1
- Ubuntu 10.04 LTS:
- libxml2 2.7.6.dfsg-1ubuntu1.1
- Ubuntu 9.10:
- libxml2 2.7.5.dfsg-1ubuntu1.2
- Ubuntu 8.04 LTS:
- libxml2 2.6.31.dfsg-2ubuntu1.5
- Ubuntu 6.06 LTS:
- libxml2 2.6.24.dfsg-1ubuntu1.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make all
the necessary changes.