Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [USN-89-1] XML library vulnerabilities

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-Disclosure] [USN-89-1] XML library vulnerabilities
Date: Mon, 28 Feb 2005 15:33:19 +0100 
===========================================================
Ubuntu Security Notice USN-89-1           February 28, 2005
libxml vulnerabilities
CAN-2004-0989
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libxml1

The problem can be corrected by upgrading the affected package to
version 1:1.8.17-8ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several buffer overflows have been discovered in libxml's FTP
connection and DNS resolution functions. Supplying very long FTP URLs
or IP addresses might result in execution of arbitrary code with the
privileges of the process using libxml.

This does not affect the core XML parsing code, which is what the
majority of programs use this library for.

Note: The same vulnerability was already fixed for libxml2 in
USN-10-1.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.diff.gz
      Size/MD5:   361144 49c17811be2abc30c48984e0f46454fb
    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.dsc
      Size/MD5:      756 5d9e3b59a2d624d52af231926a84fb1d
    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17.orig.tar.gz
      Size/MD5:  1016403 b8f01e43e1e03dec37dfd6b4507a9568

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_amd64.deb
      Size/MD5:   385860 672acd61cde9389539ea2e8d68a1d2db
    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_amd64.deb
      Size/MD5:   225922 e1f0cdc93c32b6bd256070dc45d5e2a7

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_i386.deb
      Size/MD5:   361434 41037748a8cb40a6bd26b0d0d5ee3387
    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_i386.deb
      Size/MD5:   212158 7f149fcc590aa2162810fdae5a47cd29

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_powerpc.deb
      Size/MD5:   392636 b445671f31603b7e12b8c47fd7ea6697
    
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_powerpc.deb
      Size/MD5:   220004 e3cd12326fae6972a44ac59a8af97697

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [USN-89-1] XML library vulnerabilities, Martin Pitt <=
Previous by Date:  Re: Google Getting (even) smarter, Jordan Wiens
Next by Date:  Re: Office 10 applications & flashdrives can be used to browse restricted drives, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Previous by Thread:  [Full-Disclosure] [USN-88-1] reportbug information disclosure, Martin Pitt
Next by Thread:  7a69Adv#22 - UNIX unzip keep setuid and setgid files, Albert Puigsech Galicia
Indexes:  [Date] [Thread] [Top] [All Lists]