Synopsis:          Moderate: libxml2 security update
Issue Date:        2013-02-28
CVE Numbers:       CVE-2013-0338
--

A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement was
enabled. A remote attacker could provide a specially-crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)

The desktop must be restarted (log out, then log back in) for this update to
take effect.
--

SL5
   x86_64
     libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-2.6.26-2.1.21.el5_9.1.x86_64.rpm
     libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.x86_64.rpm
     libxml2-python-2.6.26-2.1.21.el5_9.1.x86_64.rpm
     libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-devel-2.6.26-2.1.21.el5_9.1.x86_64.rpm
   i386
     libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-python-2.6.26-2.1.21.el5_9.1.i386.rpm
     libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm
SL6
   x86_64
     libxml2-2.7.6-12.el6_4.1.i686.rpm
     libxml2-2.7.6-12.el6_4.1.x86_64.rpm
     libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
     libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
     libxml2-python-2.7.6-12.el6_4.1.x86_64.rpm
     libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
     libxml2-devel-2.7.6-12.el6_4.1.x86_64.rpm
     libxml2-static-2.7.6-12.el6_4.1.x86_64.rpm
   i386
     libxml2-2.7.6-12.el6_4.1.i686.rpm
     libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
     libxml2-python-2.7.6-12.el6_4.1.i686.rpm
     libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
     libxml2-static-2.7.6-12.el6_4.1.i686.rpm

- Scientific Linux Development Team