-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1654-1 security@debian.org http://www.debian.org/security/ Steve Kemp October 14, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxml2 Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-3529 Debian Bug : 498768 It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-5. For the unstable distribution (sid), this problem has been fixed in version 2.6.32.dfsg-4. We recommend that you upgrade your libxml2 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz Size/MD5 checksum: 220443 48cafbb8d1bd2c6093339fea3f14e4a0 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc Size/MD5 checksum: 893 0dc1f183dd20741e5b4e26a7f8e1c652 Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb Size/MD5 checksum: 1328144 c1c5f0ceb391893a94e61c074b677ee9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 820850 fac5556241bb0fde20913f25fb9c73ac http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 37980 725b1c6925e610b5843ba0ad554dc7bc http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 184754 5ccbaf07b44dcfe528167074050bf270 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 916830 17d71480b7e2a447dabde99c11d752fa http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb Size/MD5 checksum: 881834 cac19a28b37f7afb9e07966f44ddd5b2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 184130 a13372752d162d0fb2ccd58da6b73e20 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 36684 8a0265229bebf9245dc7bb7cc6f41d36 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 796194 6019e59020269cca8fa8fea40f83c118 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 891922 606fc28448bead2709c39a1d3e529a25 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb Size/MD5 checksum: 745758 95bd39eb2818772c43c3351b22326fcd arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 741876 1b670c6bac3aa9f7df28f7ea3f1e5725 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 34678 9a992dc251b137a919a813eed2af8489 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 165290 732b4e94b91a086c6b950d187af160bc http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 817514 299c93a812ac02a8aa9da88f4cb5aedf http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb Size/MD5 checksum: 673192 d2ff2c26ee8dae05f81c24aa6dfce9b5 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 191876 4d2e33090237b47bc10e9526329f0bc5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 36708 0ebf8554c5a0e873b128d52ceafccdfd http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 850210 bde343770ac9a7bd458e68a60c2b8434 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 858660 88f67d0d2aff41333ca2f4d4b2d6b5b2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb Size/MD5 checksum: 864474 489dbd9d677c274c07abb88d0f23b969 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 755986 9fdf341ede17d7790202229db9cc1353 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 169032 272c6be290817bf9cb8b401425fd83d5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 681472 d8a0611d638e0553da64a218fbcf291a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 857318 6946048170dd7d142c03c13794c30d6f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb Size/MD5 checksum: 34496 3e3674a714f780024630ad1a2ca46eab ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 1106480 03e08564e2bf843905daecdd7c5cc4c4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 874222 ed9ab6fa068a5b07c22ec1c10db8e0ab http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 1080186 defc5f4f9eb80872a793cc025e33a111 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 48492 5a567323dc0bf8159a6eae87957266d5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_ia64.deb Size/MD5 checksum: 196536 cdbb137c8bb31cf29114673c4cb28e67 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 34418 4a05346cb2fc6c314e7e8aef21662469 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 171678 c94bfffc6bde639623ce9a91028960e5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 926922 ddc8ff03120dd78869830d38a5e8708d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 840642 57f2ea24a31904c4b07531f6292a4a8e http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mips.deb Size/MD5 checksum: 770246 20ba2586e1406d66bd34642f13265dcf mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 34398 9f0ebfb1dc37496e6b7a4e9963ffaeff http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 898346 29680d5d5baa66e251e71f55aa128e3c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 768976 8f6464a0ef61b3ddcd271652a01c7469 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 833252 5c83c05d44526479e7c550fd0d8cbdbe http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mipsel.deb Size/MD5 checksum: 168690 eb56cb1ea49795d0a5a18af468625941 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 898010 c3d61392afcb383d0f27d5f91fda721d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 770994 94ef895f8942b880e8823e10420120e6 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 172726 5d097f0290be2bab9b93287bad07e83f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 37660 e977bc38e837077de7a006ef923b98bd http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_powerpc.deb Size/MD5 checksum: 779958 ad7245f8a9980d7f40234aefaf12a31b s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 185726 91661276ed6cf371373b4e61805c81b8 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 885618 218f2603ab94bf92ba45cd330fe15782 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 806024 3abe21a0d756e5a0a2ca646f0ba32729 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 36378 cbc5eb7e2f81adafeba8e857aee8c918 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_s390.deb Size/MD5 checksum: 750190 4172cb95d7aea2f9ee9331220cd5274c sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 781522 c20ea9c8ab0ec798488e68c845650036 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 713144 e0139b86fbf9644678c2c6de6462bff1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 759568 7d46f7ceb214711851cc1f27edef2c48 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 34580 fceb65808b2c98f621d79352eea9d2d5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_sparc.deb Size/MD5 checksum: 176874 f27821fe07861f2e71658bc3eb0a595e These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD4DBQFI9N2RwM/Gs81MDZ0RAqP7AJYxbWnJqF4zauFOietE80FTYW02AKDCOBt2 wvZ3MJ4FZeRn990jpLrh1A== =FZQi -----END PGP SIGNATURE-----