USN-644-1: libxml2 vulnerabilities


 
Posted: 09-11-2008

Referenced CVEs:
CVE-2008-3281, CVE-2008-3529


Description:
===========================================================
Ubuntu Security Notice USN-644-1         September 11, 2008
libxml2 vulnerabilities
CVE-2008-3281, CVE-2008-3529
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxml2 2.6.24.dfsg-1ubuntu1.3

Ubuntu 7.04:
  libxml2 2.6.27.dfsg-1ubuntu3.3

Ubuntu 7.10:
  libxml2 2.6.30.dfsg-2ubuntu1.3

Ubuntu 8.04 LTS:
  libxml2 2.6.31.dfsg-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document,
a remote attacker could execute arbitrary code with user privileges
or cause the application linked against libxml2 to crash, leading to a
denial of service. (CVE-2008-3529)

USN-640-1 fixed vulnerabilities in libxml2. When processing extremely
large XML documents with valid entities, it was possible to incorrectly
trigger the newly added vulnerability protections. This update fixes
the problem. (CVE-2008-3281)




