Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-640-1: libxml2 vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-640-1: libxml2 vulnerability
# 1  
Old 09-03-2008
USN-640-1: libxml2 vulnerability
Referenced CVEs:
CVE-2008-3281


Description:
=========================================================== Ubuntu Security Notice USN-640-1 September 03, 2008 libxml2 vulnerability CVE-2008-3281 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.2 Ubuntu 7.04: libxml2 2.6.27.dfsg-1ubuntu3.2 Ubuntu 7.10: libxml2 2.6.30.dfsg-2ubuntu1.2 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT SUSE

xml::libxml::sax

XML::LibXML::SAX(3)					User Contributed Perl Documentation				       XML::LibXML::SAX(3)

NAME

       XML::LibXML::SAX - XML::LibXML direct SAX parser

DESCRIPTION

       XML::LibXML provides an interface to libxml2 direct SAX interface. Through this interface it is possible to generate SAX events directly
       while parsing a document. While using the SAX parser XML::LibXML will not create a DOM Document tree.

       Such an interface is useful if very large XML documents have to be processed and no DOM functions are required. By using this interface it
       is possible to read data stored within a XML document directly into the application data structures without loading the document into
       memory.

       The SAX interface of XML::LibXML is based on the famous XML::SAX interface. It uses the generic interface as provided by XML::SAX::Base.

       Additionally to the generic functions, which are only able to process entire documents, XML::LibXML::SAX provides parse_chunk(). This
       method generates SAX events from well balanced data such as is often provided by databases.

       NOTE: At the moment XML::LibXML provides only an incomplete interface to libxml2's native SAX implementation. The current implementation is
       not tested in production environment. It may causes significant memory problems or shows wrong behaviour. If you run into specific problems
       using this part of XML::LibXML, let me know.

AUTHORS

       Matt Sergeant, Christian Glahn, Petr Pajas

VERSION

       1.70

COPYRIGHT

       2001-2007, AxKit.com Ltd.

       2002-2006, Christian Glahn.

       2006-2009, Petr Pajas.

perl v5.12.1							    2009-10-07						       XML::LibXML::SAX(3)