libxml2 regression

2014-06-17T00:00:00

Description

## Releases * Ubuntu 14.04 ESM * Ubuntu 13.10 * Ubuntu 12.04 * Ubuntu 10.04 ## Packages * libxml2 \- GNOME XML library USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

Affected Package

OS	OS Version	Package Name	Package Version
Ubuntu	14.04	libxml2	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-dbg	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-dev	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-doc	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-udeb	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-utils	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	libxml2-utils-dbg	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	python-libxml2	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	14.04	python-libxml2-dbg	2.9.1+dfsg1-3ubuntu4.3
Ubuntu	13.10	libxml2	2.9.1+dfsg1-3ubuntu2.3
Ubuntu	12.04	libxml2	2.7.8.dfsg-5.1ubuntu4.9
Ubuntu	10.04	libxml2	2.7.6.dfsg-1ubuntu1.13

{"id": "USN-2214-3", "vendorId": null, "type": "ubuntu", "bulletinFamily": "unix", "title": "libxml2 regression", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n * Ubuntu 13.10 \n * Ubuntu 12.04 \n * Ubuntu 10.04 \n\n## Packages\n\n * libxml2 \\- GNOME XML library\n\nUSN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a \nnumber of regressions. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nDaniel Berrange discovered that libxml2 would incorrectly perform entity \nsubstitution even when requested not to. If a user or automated system were \ntricked into opening a specially crafted document, an attacker could \npossibly cause resource consumption, resulting in a denial of service.\n", "published": "2014-06-17T00:00:00", "modified": "2014-06-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/notices/USN-2214-3", "reporter": "Ubuntu", "references": ["https://launchpad.net/bugs/1321869"], "cvelist": [], "immutableFields": [], "lastseen": "2023-01-26T13:31:52", "viewCount": 25, "enchantments": {"dependencies": {"references": []}, "score": {"value": 2.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310841864"]}]}, "exploitation": null, "vulnersScore": 2.7}, "_state": {"dependencies": 1674739925, "score": 1674739998, "epss": 1678856911}, "_internal": {"score_hash": "c2c2a33351fa02ac415b106f6137ba47"}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-dbg"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-dev"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-doc"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-udeb"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-utils"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2-utils-dbg"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "python-libxml2"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu4.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "python-libxml2-dbg"}, {"OS": "Ubuntu", "OSVersion": "13.10", "arch": "noarch", "packageVersion": "2.9.1+dfsg1-3ubuntu2.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "packageVersion": "2.7.8.dfsg-5.1ubuntu4.9", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "packageVersion": "2.7.6.dfsg-1ubuntu1.13", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libxml2"}]}