Ubuntu Security Notice USN-1376-1
27th February, 2012
libxml2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary
libxml2 could be made to cause a denial of service by consuming excessive CPU resources.
Software description
- libxml2 - GNOME XML library
Details
Juraj Somorovsky discovered that libxml2 was vulnerable to hash table
collisions. If a user or application linked against libxml2 were tricked
into opening a specially crafted XML file, an attacker could cause a
denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.10:
- libxml2 2.7.8.dfsg-4ubuntu0.2
- Ubuntu 11.04:
- libxml2 2.7.8.dfsg-2ubuntu0.3
- Ubuntu 10.10:
- libxml2 2.7.7.dfsg-4ubuntu0.4
- Ubuntu 10.04 LTS:
- libxml2 2.7.6.dfsg-1ubuntu1.4
- Ubuntu 8.04 LTS:
- libxml2 2.6.31.dfsg-2ubuntu1.8
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.