Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-644-1: libxml2 vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-644-1: libxml2 vulnerabilities
# 1  
Old 09-11-2008
USN-644-1: libxml2 vulnerabilities
Referenced CVEs:
CVE-2008-3281, CVE-2008-3529


Description:
=========================================================== Ubuntu Security Notice USN-644-1 September 11, 2008libxml2 vulnerabilitiesCVE-2008-3281, CVE-2008-3529===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.3Ubuntu 7.04: libxml2 2.6.27.dfsg-1ubuntu3.3Ubuntu 7.10: libxml2 2.6.30.dfsg-2ubuntu1.3Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that libxml2 did not correctly handle long entity names.If a user were tricked into processing a specially crafted XML document,a remote attacker could execute arbitrary code with user privilegesor cause the application linked against libxml2 to crash, leading to adenial of service. (CVE-2008-3529)USN-640-1 fixed vulnerabilities in libxml2. When processing extremelylarge XML documents with valid entities, it was possible to incorrectlytrigger the newly added vulnerability protections. This update fixesthe problem. (CVE-2008-3281)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

xml::libxml::xpathexpression

XML::LibXML::XPathExpression(3) 			User Contributed Perl Documentation			   XML::LibXML::XPathExpression(3)

NAME

       XML::LibXML::XPathExpression - XML::LibXML::XPathExpression - interface to libxml2 pre-compiled XPath expressions

SYNOPSIS

	 use XML::LibXML;
	 my $compiled_xpath = XML::LibXML::XPathExpression->new('//foo[@bar="baz"][position()<4]');

	 # interface from XML::LibXML::Node

	 my $result = $node->find($compiled_xpath);
	 my @nodes = $node->findnodes($compiled_xpath);
	 my $value = $node->findvalue($compiled_xpath);

	 # interface from XML::LibXML::XPathContext

	 my $result = $xpc->find($compiled_xpath,$node);
	 my @nodes = $xpc->findnodes($compiled_xpath,$node);
	 my $value = $xpc->findvalue($compiled_xpath,$node);

	 $compiled = XML::LibXML::XPathExpression->new( xpath_string );

DESCRIPTION

       This is a perl interface to libxml2's pre-compiled XPath expressions.  Pre-compiling an XPath expression can give in some performance
       benefit if the same XPath query is evaluated many times. "XML::LibXML::XPathExpression" objects can be passed to all "find..." functions
       "XML::LibXML" that expect an XPath expression.

       new()
	     $compiled = XML::LibXML::XPathExpression->new( xpath_string );

	   The constructor takes an XPath 1.0 expression as a string and returns an object representing the pre-compiled expressions (the actual
	   data structure is internal to libxml2).

AUTHORS

       Matt Sergeant, Christian Glahn, Petr Pajas

VERSION

       2.0018

COPYRIGHT

       2001-2007, AxKit.com Ltd.

       2002-2006, Christian Glahn.

       2006-2009, Petr Pajas.

perl v5.16.3							    2013-05-13					   XML::LibXML::XPathExpression(3)