First published: Tue Aug 14 2018(Updated: )
Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2016-9318) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-18258, CVE-2018-14404, CVE-2018-14567)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libxml2 | <2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
=18.04 | ||
All of | ||
ubuntu/libxml2-utils | <2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
=18.04 | ||
All of | ||
ubuntu/python-libxml2 | <2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
=18.04 | ||
All of | ||
ubuntu/python3-libxml2 | <2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
=18.04 | ||
All of | ||
ubuntu/libxml2 | <2.9.3+dfsg1-1ubuntu0.6 | 2.9.3+dfsg1-1ubuntu0.6 |
=16.04 | ||
All of | ||
ubuntu/libxml2-utils | <2.9.3+dfsg1-1ubuntu0.6 | 2.9.3+dfsg1-1ubuntu0.6 |
=16.04 | ||
All of | ||
ubuntu/python-libxml2 | <2.9.3+dfsg1-1ubuntu0.6 | 2.9.3+dfsg1-1ubuntu0.6 |
=16.04 | ||
All of | ||
ubuntu/libxml2 | <2.9.1+dfsg1-3ubuntu4.13 | 2.9.1+dfsg1-3ubuntu4.13 |
=14.04 | ||
All of | ||
ubuntu/libxml2-utils | <2.9.1+dfsg1-3ubuntu4.13 | 2.9.1+dfsg1-3ubuntu4.13 |
=14.04 | ||
All of | ||
ubuntu/python-libxml2 | <2.9.1+dfsg1-3ubuntu4.13 | 2.9.1+dfsg1-3ubuntu4.13 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-3739-1 is moderate.
The libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package in Ubuntu versions 18.04, 16.04, and 14.04 are affected by USN-3739-1.
An attacker could exploit the libxml2 vulnerabilities to expose sensitive information or cause a denial of service.
Update the libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package to version 2.9.4+dfsg1-6.1ubuntu1.2 (Ubuntu 18.04), 2.9.3+dfsg1-1ubuntu0.6 (Ubuntu 16.04), or 2.9.1+dfsg1-3ubuntu4.13 (Ubuntu 14.04) or later.
You can find more information about USN-3739-1 on the Ubuntu Security Notice page: [link].