PublicDate: 2008-08-27 20:41:00 UTC
Candidate: CVE-2008-3281
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
 https://ubuntu.com/security/notices/USN-640-1
 https://ubuntu.com/security/notices/USN-644-1
Description:
 libxml2 2.6.32 and earlier does not properly detect recursion during entity
 expansion in an attribute value, which allows context-dependent attackers
 to cause a denial of service (memory and CPU consumption) via a crafted XML
 document.
Ubuntu-Description:
Notes:
 kees> earlier patches broke ABI (https://bugzilla.redhat.com/show_bug.cgi?id=459830)
 kees> USN-644-1 updates this fix to match upstream patches.
Bugs:
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_libxml2:
 vendor: https://bugzilla.redhat.com/attachment.cgi?id=314860
upstream_libxml2: released (2.7.1)
dapper_libxml2: released (2.6.24.dfsg-1ubuntu1.2)
feisty_libxml2: released (2.6.27.dfsg-1ubuntu3.2)
gutsy_libxml2: released (2.6.30.dfsg-2ubuntu1.2)
hardy_libxml2: released (2.6.31.dfsg-2ubuntu1.1)
devel_libxml2: not-affected