What is the severity of USN-3739-1?

The severity of USN-3739-1 is moderate.

What software is affected by USN-3739-1?

The libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package in Ubuntu versions 18.04, 16.04, and 14.04 are affected by USN-3739-1.

How can an attacker exploit the libxml2 vulnerabilities described in USN-3739-1?

An attacker could exploit the libxml2 vulnerabilities to expose sensitive information or cause a denial of service.

How can I fix the libxml2 vulnerabilities described in USN-3739-1?

Update the libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package to version 2.9.4+dfsg1-6.1ubuntu1.2 (Ubuntu 18.04), 2.9.3+dfsg1-1ubuntu0.6 (Ubuntu 16.04), or 2.9.1+dfsg1-3ubuntu4.13 (Ubuntu 14.04) or later.

Where can I find more information about USN-3739-1?

You can find more information about USN-3739-1 on the Ubuntu Security Notice page: [link].

Vulnerability/
USN-3739-1

14/8/2018

USN-3739-1: libxml2 vulnerabilities

First published: Tue Aug 14 2018(Updated: )

Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2016-9318) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-18258, CVE-2018-14404, CVE-2018-14567)

Affected Software	Affected Version	How to fix
All of
ubuntu/libxml2	<2.9.4+dfsg1-6.1ubuntu1.2	2.9.4+dfsg1-6.1ubuntu1.2
	=18.04
All of
ubuntu/libxml2-utils	<2.9.4+dfsg1-6.1ubuntu1.2	2.9.4+dfsg1-6.1ubuntu1.2
	=18.04
All of
ubuntu/python-libxml2	<2.9.4+dfsg1-6.1ubuntu1.2	2.9.4+dfsg1-6.1ubuntu1.2
	=18.04
All of
ubuntu/python3-libxml2	<2.9.4+dfsg1-6.1ubuntu1.2	2.9.4+dfsg1-6.1ubuntu1.2
	=18.04
All of
ubuntu/libxml2	<2.9.3+dfsg1-1ubuntu0.6	2.9.3+dfsg1-1ubuntu0.6
	=16.04
All of
ubuntu/libxml2-utils	<2.9.3+dfsg1-1ubuntu0.6	2.9.3+dfsg1-1ubuntu0.6
	=16.04
All of
ubuntu/python-libxml2	<2.9.3+dfsg1-1ubuntu0.6	2.9.3+dfsg1-1ubuntu0.6
	=16.04
All of
ubuntu/libxml2	<2.9.1+dfsg1-3ubuntu4.13	2.9.1+dfsg1-3ubuntu4.13
	=14.04
All of
ubuntu/libxml2-utils	<2.9.1+dfsg1-3ubuntu4.13	2.9.1+dfsg1-3ubuntu4.13
	=14.04
All of
ubuntu/python-libxml2	<2.9.1+dfsg1-3ubuntu4.13	2.9.1+dfsg1-3ubuntu4.13
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-3739-1?
The severity of USN-3739-1 is moderate.
What software is affected by USN-3739-1?
The libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package in Ubuntu versions 18.04, 16.04, and 14.04 are affected by USN-3739-1.
How can an attacker exploit the libxml2 vulnerabilities described in USN-3739-1?
An attacker could exploit the libxml2 vulnerabilities to expose sensitive information or cause a denial of service.
How can I fix the libxml2 vulnerabilities described in USN-3739-1?
Update the libxml2 package, libxml2-utils package, python-libxml2 package, and python3-libxml2 package to version 2.9.4+dfsg1-6.1ubuntu1.2 (Ubuntu 18.04), 2.9.3+dfsg1-1ubuntu0.6 (Ubuntu 16.04), or 2.9.1+dfsg1-3ubuntu4.13 (Ubuntu 14.04) or later.
Where can I find more information about USN-3739-1?
You can find more information about USN-3739-1 on the Ubuntu Security Notice page: [link].

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-3739-2
anchor-related/USN-3504-2
anchor-related/USN-3504-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04