USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libxml2",
"binary_version": "2.9.1+dfsg1-3ubuntu4.2"
},
{
"binary_name": "libxml2-utils",
"binary_version": "2.9.1+dfsg1-3ubuntu4.2"
},
{
"binary_name": "python-libxml2",
"binary_version": "2.9.1+dfsg1-3ubuntu4.2"
}
]
}