Print

Print


Synopsis:          Moderate: libxml2 security update
Advisory ID:       SLSA-2015:2550-1
Issue Date:        2015-12-07
CVE Numbers:       CVE-2015-1819
                   CVE-2015-7941
                   CVE-2015-7942
                   CVE-2015-5312
                   CVE-2015-7497
                   CVE-2015-7498
                   CVE-2015-7499
                   CVE-2015-8317
                   CVE-2015-8241
                   CVE-2015-7500
                   CVE-2015-8242
--

Several denial of service flaws were found in libxml2, a library providing
support for reading, modifying, and writing XML and HTML files. A remote
attacker could provide a specially crafted XML or HTML file that, when
processed by an application using libxml2, would cause that application to
use an excessive amount of CPU, leak potentially sensitive information, or
in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,
CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,
CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,
BZ#1281955)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL7
  x86_64
    libxml2-2.9.1-6.el7_2.2.i686.rpm
    libxml2-2.9.1-6.el7_2.2.x86_64.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm
    libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
    libxml2-devel-2.9.1-6.el7_2.2.i686.rpm
    libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm
    libxml2-static-2.9.1-6.el7_2.2.i686.rpm
    libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm

- Scientific Linux Development Team