Synopsis:          Moderate: libxml2 security update

Advisory ID:       SLSA-2015:2549-1

Issue Date:        2015-12-07

CVE Numbers:       CVE-2015-7941

                   CVE-2015-7942

                   CVE-2015-5312

                   CVE-2015-7497

                   CVE-2015-7498

                   CVE-2015-7499

                   CVE-2015-8317

                   CVE-2015-8241

                   CVE-2015-7500

                   CVE-2015-8242

--



Several denial of service flaws were found in libxml2, a library providing

support for reading, modifying, and writing XML and HTML files. A remote

attacker could provide a specially crafted XML or HTML file that, when

processed by an application using libxml2, would cause that application to

use an excessive amount of CPU, leak potentially sensitive information, or

in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497,

CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942,

CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)



The desktop must be restarted (log out, then log back in) for this update

to take effect.

--



SL6

  x86_64

    libxml2-2.7.6-20.el6_7.1.i686.rpm

    libxml2-2.7.6-20.el6_7.1.x86_64.rpm

    libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm

    libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm

    libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm

    libxml2-devel-2.7.6-20.el6_7.1.i686.rpm

    libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm

    libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

  i386

    libxml2-2.7.6-20.el6_7.1.i686.rpm

    libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm

    libxml2-python-2.7.6-20.el6_7.1.i686.rpm

    libxml2-devel-2.7.6-20.el6_7.1.i686.rpm

    libxml2-static-2.7.6-20.el6_7.1.i686.rpm



- Scientific Linux Development Team