Articles / Debian: New libxml2 package…

Debian: New libxml2 packages fix execution of arbitrary code

It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. Updated packages are available from security.debian.org.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1654-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
October 14, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3529
Debian Bug     : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names.  This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.


Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz
   Size/MD5 checksum:   220443 48cafbb8d1bd2c6093339fea3f14e4a0
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
   Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc
   Size/MD5 checksum:      893 0dc1f183dd20741e5b4e26a7f8e1c652

Architecture independent packages:

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb
   Size/MD5 checksum:  1328144 c1c5f0ceb391893a94e61c074b677ee9

alpha architecture (DEC Alpha)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb
   Size/MD5 checksum:   820850 fac5556241bb0fde20913f25fb9c73ac
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb
   Size/MD5 checksum:    37980 725b1c6925e610b5843ba0ad554dc7bc
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb
   Size/MD5 checksum:   184754 5ccbaf07b44dcfe528167074050bf270
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb
   Size/MD5 checksum:   916830 17d71480b7e2a447dabde99c11d752fa
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb
   Size/MD5 checksum:   881834 cac19a28b37f7afb9e07966f44ddd5b2

amd64 architecture (AMD x86_64 (AMD64))

 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb
   Size/MD5 checksum:   184130 a13372752d162d0fb2ccd58da6b73e20
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb
   Size/MD5 checksum:    36684 8a0265229bebf9245dc7bb7cc6f41d36
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb
   Size/MD5 checksum:   796194 6019e59020269cca8fa8fea40f83c118
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb
   Size/MD5 checksum:   891922 606fc28448bead2709c39a1d3e529a25
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb
   Size/MD5 checksum:   745758 95bd39eb2818772c43c3351b22326fcd

arm architecture (ARM)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb
   Size/MD5 checksum:   741876 1b670c6bac3aa9f7df28f7ea3f1e5725
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb
   Size/MD5 checksum:    34678 9a992dc251b137a919a813eed2af8489
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb
   Size/MD5 checksum:   165290 732b4e94b91a086c6b950d187af160bc
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb
   Size/MD5 checksum:   817514 299c93a812ac02a8aa9da88f4cb5aedf
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb
   Size/MD5 checksum:   673192 d2ff2c26ee8dae05f81c24aa6dfce9b5

hppa architecture (HP PA RISC)

 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb
   Size/MD5 checksum:   191876 4d2e33090237b47bc10e9526329f0bc5
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb
   Size/MD5 checksum:    36708 0ebf8554c5a0e873b128d52ceafccdfd
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb
   Size/MD5 checksum:   850210 bde343770ac9a7bd458e68a60c2b8434
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb
   Size/MD5 checksum:   858660 88f67d0d2aff41333ca2f4d4b2d6b5b2
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb
   Size/MD5 checksum:   864474 489dbd9d677c274c07abb88d0f23b969

i386 architecture (Intel ia32)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb
   Size/MD5 checksum:   755986 9fdf341ede17d7790202229db9cc1353
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb
   Size/MD5 checksum:   169032 272c6be290817bf9cb8b401425fd83d5
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb
   Size/MD5 checksum:   681472 d8a0611d638e0553da64a218fbcf291a
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb
   Size/MD5 checksum:   857318 6946048170dd7d142c03c13794c30d6f
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb
   Size/MD5 checksum:    34496 3e3674a714f780024630ad1a2ca46eab

ia64 architecture (Intel ia64)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_ia64.deb
   Size/MD5 checksum:  1106480 03e08564e2bf843905daecdd7c5cc4c4
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_ia64.deb
   Size/MD5 checksum:   874222 ed9ab6fa068a5b07c22ec1c10db8e0ab
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_ia64.deb
   Size/MD5 checksum:  1080186 defc5f4f9eb80872a793cc025e33a111
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_ia64.deb
   Size/MD5 checksum:    48492 5a567323dc0bf8159a6eae87957266d5
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_ia64.deb
   Size/MD5 checksum:   196536 cdbb137c8bb31cf29114673c4cb28e67

mips architecture (MIPS (Big Endian))

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mips.deb
   Size/MD5 checksum:    34418 4a05346cb2fc6c314e7e8aef21662469
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mips.deb
   Size/MD5 checksum:   171678 c94bfffc6bde639623ce9a91028960e5
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mips.deb
   Size/MD5 checksum:   926922 ddc8ff03120dd78869830d38a5e8708d
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mips.deb
   Size/MD5 checksum:   840642 57f2ea24a31904c4b07531f6292a4a8e
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mips.deb
   Size/MD5 checksum:   770246 20ba2586e1406d66bd34642f13265dcf

mipsel architecture (MIPS (Little Endian))

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mipsel.deb
   Size/MD5 checksum:    34398 9f0ebfb1dc37496e6b7a4e9963ffaeff
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mipsel.deb
   Size/MD5 checksum:   898346 29680d5d5baa66e251e71f55aa128e3c
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mipsel.deb
   Size/MD5 checksum:   768976 8f6464a0ef61b3ddcd271652a01c7469
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mipsel.deb
   Size/MD5 checksum:   833252 5c83c05d44526479e7c550fd0d8cbdbe
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mipsel.deb
   Size/MD5 checksum:   168690 eb56cb1ea49795d0a5a18af468625941

powerpc architecture (PowerPC)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_powerpc.deb
   Size/MD5 checksum:   898010 c3d61392afcb383d0f27d5f91fda721d
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_powerpc.deb
   Size/MD5 checksum:   770994 94ef895f8942b880e8823e10420120e6
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_powerpc.deb
   Size/MD5 checksum:   172726 5d097f0290be2bab9b93287bad07e83f
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_powerpc.deb
   Size/MD5 checksum:    37660 e977bc38e837077de7a006ef923b98bd
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_powerpc.deb
   Size/MD5 checksum:   779958 ad7245f8a9980d7f40234aefaf12a31b

s390 architecture (IBM S/390)

 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_s390.deb
   Size/MD5 checksum:   185726 91661276ed6cf371373b4e61805c81b8
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_s390.deb
   Size/MD5 checksum:   885618 218f2603ab94bf92ba45cd330fe15782
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_s390.deb
   Size/MD5 checksum:   806024 3abe21a0d756e5a0a2ca646f0ba32729
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_s390.deb
   Size/MD5 checksum:    36378 cbc5eb7e2f81adafeba8e857aee8c918
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_s390.deb
   Size/MD5 checksum:   750190 4172cb95d7aea2f9ee9331220cd5274c

sparc architecture (Sun SPARC/UltraSPARC)

 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_sparc.deb
   Size/MD5 checksum:   781522 c20ea9c8ab0ec798488e68c845650036
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_sparc.deb
   Size/MD5 checksum:   713144 e0139b86fbf9644678c2c6de6462bff1
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_sparc.deb
   Size/MD5 checksum:   759568 7d46f7ceb214711851cc1f27edef2c48
 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_sparc.deb
   Size/MD5 checksum:    34580 fceb65808b2c98f621d79352eea9d2d5
 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_sparc.deb
   Size/MD5 checksum:   176874 f27821fe07861f2e71658bc3eb0a595e


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD4DBQFI9N2RwM/Gs81MDZ0RAqP7AJYxbWnJqF4zauFOietE80FTYW02AKDCOBt2
wvZ3MJ4FZeRn990jpLrh1A==
=FZQi
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.