{"id":"USN-2214-2","summary":"libxml2 regression","details":"USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a\nregression when using xmllint with the --postvalid option. This update\nfixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Daniel Berrange discovered that libxml2 would incorrectly perform entity\n substitution even when requested not to. If a user or automated system were\n tricked into opening a specially crafted document, an attacker could\n possibly cause resource consumption, resulting in a denial of service.\n","modified":"2026-04-22T08:52:51.993312Z","published":"2014-06-09T14:20:23Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2214-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1321869"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libxml2@2.9.1+dfsg1-3ubuntu4.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.1+dfsg1-3ubuntu4.2"}]}],"versions":["2.9.1+dfsg1-3ubuntu2","2.9.1+dfsg1-3ubuntu3","2.9.1+dfsg1-3ubuntu4","2.9.1+dfsg1-3ubuntu4.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libxml2","binary_version":"2.9.1+dfsg1-3ubuntu4.2"},{"binary_name":"libxml2-utils","binary_version":"2.9.1+dfsg1-3ubuntu4.2"},{"binary_name":"python-libxml2","binary_version":"2.9.1+dfsg1-3ubuntu4.2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2214-2.json"}}],"schema_version":"1.7.5"}