All Supported Ubuntu OSes Receive Libxml2 Security Exploit Update

On December 6, Canonical published in a security notice details about a libxml2 vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 11.10 (Oneiric Ocelot), Ubuntu 10.04 LTS (Lucid Lynx), and Ubuntu 8.04 LTS (Hardy Heron) operating systems.

According to Canonical, applications using libxml2 could have been made to crash or to run programs as the user's login, if they opened a specially crafted file.

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or an automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could have been made to crash or possibly execute arbitrary code.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest cups, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.