Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary

From Steve Kemp@1:229/2 to All on Tue Oct 14 20:10:20 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1654-1 [email protected] http://www.debian.org/security/ Steve Kemp October 14, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : libxml2
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-3529
Debian Bug : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names. This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz
Size/MD5 checksum: 220443 48cafbb8d1bd2c6093339fea3f14e4a0
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc
Size/MD5 checksum: 893 0dc1f183dd20741e5b4e26a7f8e1c652

Architecture independent packages:

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb
Size/MD5 checksum: 1328144 c1c5f0ceb391893a94e61c074b677ee9

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb
Size/MD5 checksum: 820850 fac5556241bb0fde20913f25fb9c73ac
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb
Size/MD5 checksum: 37980 725b1c6925e610b5843ba0ad554dc7bc
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb
Size/MD5 checksum: 184754 5ccbaf07b44dcfe528167074050bf270
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb
Size/MD5 checksum: 916830 17d71480b7e2a447dabde99c11d752fa
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb
Size/MD5 checksum: 881834 cac19a28b37f7afb9e07966f44ddd5b2

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb
Size/MD5 checksum: 184130 a13372752d162d0fb2ccd58da6b73e20
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb
Size/MD5 checksum: 36684 8a0265229bebf9245dc7bb7cc6f41d36
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb
Size/MD5 checksum: 796194 6019e59020269cca8fa8fea40f83c118
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb
Size/MD5 checksum: 891922 606fc28448bead2709c39a1d3e529a25
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb
Size/MD5 checksum: 745758 95bd39eb2818772c43c3351b22326fcd

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb
Size/MD5 checksum: 741876 1b670c6bac3aa9f7df28f7ea3f1e5725
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb
Size/MD5 checksum: 34678 9a992dc251b137a919a813eed2af8489
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb
Size/MD5 checksum: 165290 732b4e94b91a086c6b950d187af160bc
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb
Size/MD5 checksum: 817514 299c93a812ac02a8aa9da88f4cb5aedf
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb
Size/MD5 checksum: 673192 d2ff2c26ee8dae05f81c24aa6dfce9b5

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb
Size/MD5 checksum: 191876 4d2e33090237b47bc10e9526329f0bc5
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb
Size/MD5 checksum: 36708 0ebf8554c5a0e873b128d52ceafccdfd
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb
Size/MD5 checksum: 850210 bde343770ac9a7bd458e68a60c2b8434
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb
Size/MD5 checksum: 858660 88f67d0d2aff41333ca2f4d4b2d6b5b2
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb
Size/MD5 checksum: 864474 489dbd9d677c274c07abb88d0f23b969

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb
Size/MD5 checksum: 755986 9fdf341ede17d7790202229db9cc1353
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb
Size/MD5 checksum: 169032 272c6be290817bf9cb8b401425fd83d5
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb
Size/MD5 checksum: 681472 d8a0611d638e0553da64a218fbcf291a
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb
Size/MD5 checksum: 857318 6946048170dd7d142c03c13794c30d6f
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb
Size/MD5 checksum: 34496 3e3674a714f780024630ad1a2ca46eab

ia64 architecture (Intel ia64)

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Spearb0y
  Mon Jun 8 06:51:02 2026
  from Massachusetts via SSH
- Krenn
  Mon Jun 8 05:45:38 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Sun Jun 7 20:58:28 2026
  from Wales, Uk via Telnet
- Michal Wronka
  Sun Jun 7 19:26:28 2026
  from Wroclaw, Poland via SSH
- Centurion
  Sun Jun 7 16:59:51 2026
  from Berea, Ohio via Telnet
- Furryboy
  Sun Jun 7 13:40:29 2026
  from Romania, Galati via SSH
- Krenn
  Sun Jun 7 10:02:33 2026
  from Sydney, Nsw via Telnet
- Spearb0y
  Sun Jun 7 07:41:05 2026
  from Massachusetts via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	15:11:43
Calls:	12,102
Calls today:	2
Files:	15,004
Messages:	6,518,048

[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary

Who's Online

Recent Visitors

System Info