SCIENTIFIC-LINUX-ERRATA Archives

November 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: libxml2 on SL5.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 20 Nov 2014 20:02:16 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
Synopsis:          Moderate: libxml2 security update
Advisory ID:       SLSA-2014:1885-1
Issue Date:        2014-11-20
CVE Numbers:       CVE-2014-3660
--

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption (denial
of service) based on excessive entity substitutions, even if entity
substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL5
  x86_64
    libxml2-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-2.6.26-2.1.25.el5_11.x86_64.rpm
    libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
    libxml2-python-2.6.26-2.1.25.el5_11.x86_64.rpm
    libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-devel-2.6.26-2.1.25.el5_11.x86_64.rpm
  i386
    libxml2-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-python-2.6.26-2.1.25.el5_11.i386.rpm
    libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2