All the other supported Ubuntu distros have been affected by this problem

Jun 10, 2014 17:07 GMT

Canonical has offered information about the libxml2 regression in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

Canonical releases numerous updates for its supported operating systems, but from time to time an update fails to fix a problem or introduces a new one, which is a major issue.

“Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service,” said the original advisory notice for the vulnerability.

The developers have now issued a new update and explained what happened. “USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem.”

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest libxml2 package specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes and you won't have to restart the system.