==========================================================Ubuntu Security Notice USN-890-5          February 18, 2010
xmlrpc-c vulnerabilities
CVE-2009-3560, CVE-2009-3720
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libxmlrpc-core-c3               1.06.27-1ubuntu6.1

After a standard system upgrade you need to restart any applications linked
against XML-RPC for C and C++ to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for XML-RPC for C and C++.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)


Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:     8970 3c900d470791bc6f96fef9f62ff855a6
          Size/MD5:     1235 ff5185e7e4f8dd3e28ca8ad37a71bc91
          Size/MD5:   699510 bd58eae4f4ff3a5c469702dfeea55ec6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   191574 c2a2705611c5b231cc3bb3437c156f98
          Size/MD5:   138520 10302283794426be7ecb9f9da8826977
          Size/MD5:   150084 ae045bdb465eb913731eb9e5fd66f6a6
          Size/MD5:    99832 b6fbfc2bf4410876efc9fe10d0d26be1
          Size/MD5:    33750 09898228a91d9b0b10f3c4aef67ec190
          Size/MD5:     9380 b807c5c14b048de0e885211d8411e72e

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   182138 7aa09d75854f07632eaa36fd9beb6843
          Size/MD5:   131416 56f607d37920de0f41c27b69334111e6
          Size/MD5:   140394 5da6f9cd96c63509ca9784a7042eba65
          Size/MD5:    89646 cd2d07e62047f070662d10f060df0cfe
          Size/MD5:    32702 6b1a84ec6820543c9dc7b953a5f123e5
          Size/MD5:     9384 4819490cbfacdd94a8cf0db7f4f17e79

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   180186 39862ee6fb6e16f4dd1003ef8b686028
          Size/MD5:   130832 56c7b4f046f1f8f873306080bf4cede2
          Size/MD5:   138558 86254ef314197d91bf950920877dd57a
          Size/MD5:    88648 8cc8e2985938247771e282fb2ec74ed2
          Size/MD5:    33176 83324c4b95b606fb340f0befff3d31e1
          Size/MD5:     9384 c7b935f896abac2f9bd56b5b28445310

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   187912 486758dc40e04cf06ad1fdce6ae16e6d
          Size/MD5:   137040 67220384287d2e5b2794a17262445556
          Size/MD5:   156454 675c23ccc310f179ec1f7997645aac1f
          Size/MD5:    94152 d2f177d93c783799c63991b64d6ceeb0
          Size/MD5:    33250 98efefe38967441c5c15d3d06e1f4051
          Size/MD5:     9386 5b79da5cbaf25ed20b9f11a9c06697e5

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   183118 3b3bef9a36389a1ba4f92ecd11c95977
          Size/MD5:   125894 26ea9b2e3c93e1969a4b57a2237d5f6b
          Size/MD5:   119290 4a15dcbdb3429aed9263f3940f04fcd2
          Size/MD5:    83000 2caba2114e0745fffa7bd71c52373cc5
          Size/MD5:    33024 952e863564659fc1c9e73be847ff5756
          Size/MD5:     9384 ea9363a086d7bcbf10b7ab15e6c8adeb

Ubuntu 890-5: XML-RPC for C and C++ vulnerabilities

February 18, 2010
USN-890-1 fixed vulnerabilities in Expat

Summary

Update Instructions

References

Severity
xmlrpc-c vulnerabilities

Package Information

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved