Subject: | |
From: | |
Reply To: | |
Date: | Mon, 19 May 2014 14:03:59 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2014:0513-1
Issue Date: 2014-05-19
CVE Numbers: CVE-2013-2877
CVE-2014-0191
--
It was discovered that libxml2 loaded external parameter entities even
when entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)
An out-of-bounds read flaw was found in the way libxml2 detected the end
of an XML file. A remote attacker could provide a specially crafted XML
file that, when processed by an application linked against libxml2, could
cause the application to crash. (CVE-2013-2877)
The desktop must be restarted (log out, then log back in) for this update
to take effect.
--
SL6
x86_64
libxml2-2.7.6-14.el6_5.1.i686.rpm
libxml2-2.7.6-14.el6_5.1.x86_64.rpm
libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm
libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm
libxml2-python-2.7.6-14.el6_5.1.x86_64.rpm
libxml2-devel-2.7.6-14.el6_5.1.i686.rpm
libxml2-devel-2.7.6-14.el6_5.1.x86_64.rpm
libxml2-static-2.7.6-14.el6_5.1.x86_64.rpm
i386
libxml2-2.7.6-14.el6_5.1.i686.rpm
libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm
libxml2-python-2.7.6-14.el6_5.1.i686.rpm
libxml2-devel-2.7.6-14.el6_5.1.i686.rpm
libxml2-static-2.7.6-14.el6_5.1.i686.rpm
- Scientific Linux Development Team
|
|
|