Articles / Debian: New libxml2 package…

Debian: New libxml2 packages fix execution of arbitrary code

It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. Updated packages are available from
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1654-1                                       Steve Kemp
October 14, 2008            
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3529
Debian Bug     : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names.  This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.

Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
   Size/MD5 checksum:   220443 48cafbb8d1bd2c6093339fea3f14e4a0
   Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
   Size/MD5 checksum:      893 0dc1f183dd20741e5b4e26a7f8e1c652

Architecture independent packages:
   Size/MD5 checksum:  1328144 c1c5f0ceb391893a94e61c074b677ee9

alpha architecture (DEC Alpha)
   Size/MD5 checksum:   820850 fac5556241bb0fde20913f25fb9c73ac
   Size/MD5 checksum:    37980 725b1c6925e610b5843ba0ad554dc7bc
   Size/MD5 checksum:   184754 5ccbaf07b44dcfe528167074050bf270
   Size/MD5 checksum:   916830 17d71480b7e2a447dabde99c11d752fa
   Size/MD5 checksum:   881834 cac19a28b37f7afb9e07966f44ddd5b2

amd64 architecture (AMD x86_64 (AMD64))
   Size/MD5 checksum:   184130 a13372752d162d0fb2ccd58da6b73e20
   Size/MD5 checksum:    36684 8a0265229bebf9245dc7bb7cc6f41d36
   Size/MD5 checksum:   796194 6019e59020269cca8fa8fea40f83c118
   Size/MD5 checksum:   891922 606fc28448bead2709c39a1d3e529a25
   Size/MD5 checksum:   745758 95bd39eb2818772c43c3351b22326fcd

arm architecture (ARM)
   Size/MD5 checksum:   741876 1b670c6bac3aa9f7df28f7ea3f1e5725
   Size/MD5 checksum:    34678 9a992dc251b137a919a813eed2af8489
   Size/MD5 checksum:   165290 732b4e94b91a086c6b950d187af160bc
   Size/MD5 checksum:   817514 299c93a812ac02a8aa9da88f4cb5aedf
   Size/MD5 checksum:   673192 d2ff2c26ee8dae05f81c24aa6dfce9b5

hppa architecture (HP PA RISC)
   Size/MD5 checksum:   191876 4d2e33090237b47bc10e9526329f0bc5
   Size/MD5 checksum:    36708 0ebf8554c5a0e873b128d52ceafccdfd
   Size/MD5 checksum:   850210 bde343770ac9a7bd458e68a60c2b8434
   Size/MD5 checksum:   858660 88f67d0d2aff41333ca2f4d4b2d6b5b2
   Size/MD5 checksum:   864474 489dbd9d677c274c07abb88d0f23b969

i386 architecture (Intel ia32)
   Size/MD5 checksum:   755986 9fdf341ede17d7790202229db9cc1353
   Size/MD5 checksum:   169032 272c6be290817bf9cb8b401425fd83d5
   Size/MD5 checksum:   681472 d8a0611d638e0553da64a218fbcf291a
   Size/MD5 checksum:   857318 6946048170dd7d142c03c13794c30d6f
   Size/MD5 checksum:    34496 3e3674a714f780024630ad1a2ca46eab

ia64 architecture (Intel ia64)
   Size/MD5 checksum:  1106480 03e08564e2bf843905daecdd7c5cc4c4
   Size/MD5 checksum:   874222 ed9ab6fa068a5b07c22ec1c10db8e0ab
   Size/MD5 checksum:  1080186 defc5f4f9eb80872a793cc025e33a111
   Size/MD5 checksum:    48492 5a567323dc0bf8159a6eae87957266d5
   Size/MD5 checksum:   196536 cdbb137c8bb31cf29114673c4cb28e67

mips architecture (MIPS (Big Endian))
   Size/MD5 checksum:    34418 4a05346cb2fc6c314e7e8aef21662469
   Size/MD5 checksum:   171678 c94bfffc6bde639623ce9a91028960e5
   Size/MD5 checksum:   926922 ddc8ff03120dd78869830d38a5e8708d
   Size/MD5 checksum:   840642 57f2ea24a31904c4b07531f6292a4a8e
   Size/MD5 checksum:   770246 20ba2586e1406d66bd34642f13265dcf

mipsel architecture (MIPS (Little Endian))
   Size/MD5 checksum:    34398 9f0ebfb1dc37496e6b7a4e9963ffaeff
   Size/MD5 checksum:   898346 29680d5d5baa66e251e71f55aa128e3c
   Size/MD5 checksum:   768976 8f6464a0ef61b3ddcd271652a01c7469
   Size/MD5 checksum:   833252 5c83c05d44526479e7c550fd0d8cbdbe
   Size/MD5 checksum:   168690 eb56cb1ea49795d0a5a18af468625941

powerpc architecture (PowerPC)
   Size/MD5 checksum:   898010 c3d61392afcb383d0f27d5f91fda721d
   Size/MD5 checksum:   770994 94ef895f8942b880e8823e10420120e6
   Size/MD5 checksum:   172726 5d097f0290be2bab9b93287bad07e83f
   Size/MD5 checksum:    37660 e977bc38e837077de7a006ef923b98bd
   Size/MD5 checksum:   779958 ad7245f8a9980d7f40234aefaf12a31b

s390 architecture (IBM S/390)
   Size/MD5 checksum:   185726 91661276ed6cf371373b4e61805c81b8
   Size/MD5 checksum:   885618 218f2603ab94bf92ba45cd330fe15782
   Size/MD5 checksum:   806024 3abe21a0d756e5a0a2ca646f0ba32729
   Size/MD5 checksum:    36378 cbc5eb7e2f81adafeba8e857aee8c918
   Size/MD5 checksum:   750190 4172cb95d7aea2f9ee9331220cd5274c

sparc architecture (Sun SPARC/UltraSPARC)
   Size/MD5 checksum:   781522 c20ea9c8ab0ec798488e68c845650036
   Size/MD5 checksum:   713144 e0139b86fbf9644678c2c6de6462bff1
   Size/MD5 checksum:   759568 7d46f7ceb214711851cc1f27edef2c48
   Size/MD5 checksum:    34580 fceb65808b2c98f621d79352eea9d2d5
   Size/MD5 checksum:   176874 f27821fe07861f2e71658bc3eb0a595e

 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and
Version: GnuPG v1.4.6 (GNU/Linux)


Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.


Project Spotlight


An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.