Referenced CVEs:
CVE-2008-4225, CVE-2008-4226
Description:
===========================================================Ubuntu Security Notice USN-673-1 November 19, 2008libxml2 vulnerabilitiesCVE-2008-4225, CVE-2008-4226===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.4Ubuntu 7.10: libxml2 2.6.30.dfsg-2ubuntu1.4Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.3Ubuntu 8.10: libxml2 2.6.32.dfsg-4ubuntu1.1After a standard system upgrade you need to restart your sessions to effectthe necessary changes.Details follow:Drew Yao discovered that libxml2 did not correctly handle certain corruptXML documents. If a user or automated system were tricked into processinga malicious XML document, a remote attacker could cause applicationslinked against libxml2 to enter an infinite loop, leading to a denialof service. (CVE-2008-4225)Drew Yao discovered that libxml2 did not correctly handle large memoryallocations. If a user or automated system were tricked into processing avery large XML document, a remote attacker could cause applications linkedagainst libxml2 to crash, leading to a denial of service. (CVE-2008-4226)
More...
