Paketname
libxml2
Datum
2013-03-05
Advisory ID
MDVSA-2013:017
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

A vulnerability has been found and corrected in libxml2:

A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement
was enabled. A remote attacker could provide a specially-crafted XML
file that, when processed by an application linked against libxml2,
would lead to excessive CPU consumption (CVE-2013-0338).

The updated packages have been upgraded to the 2.7.6 version and
patched to correct this issue.

Aktualisierte Pakete

MES5 i586

 e3d2c325dbb2d33ea2839de58db1fa74  mes5/i586/libxml2_2-2.7.6-0.1mdvmes5.2.i586.rpm
 567c33bce54fe89ec728e520e4c9bac2  mes5/i586/libxml2-devel-2.7.6-0.1mdvmes5.2.i586.rpm
 18079083eb5e222383723eeae94c3a28  mes5/i586/libxml2-python-2.7.6-0.1mdvmes5.2.i586.rpm
 7d75b05078300ea34c7e086d4f4b04a4  mes5/i586/libxml2-utils-2.7.6-0.1mdvmes5.2.i586.rpm 
 90e90f1098aababac24391b8e67fbeaa  mes5/SRPMS/libxml2-2.7.6-0.1mdvmes5.2.src.rpm

MES5 x86_64

 ab842379cfd78d886fc4e5d6f8205474  mes5/x86_64/lib64xml2_2-2.7.6-0.1mdvmes5.2.x86_64.rpm
 1b4f5427a29f8499fce023d401914d8d  mes5/x86_64/lib64xml2-devel-2.7.6-0.1mdvmes5.2.x86_64.rpm
 ebd9cb9095b6555afed217d194639953  mes5/x86_64/libxml2-python-2.7.6-0.1mdvmes5.2.x86_64.rpm
 bb0fa6697516e0ea613f838606df963b  mes5/x86_64/libxml2-utils-2.7.6-0.1mdvmes5.2.x86_64.rpm 
 90e90f1098aababac24391b8e67fbeaa  mes5/SRPMS/libxml2-2.7.6-0.1mdvmes5.2.src.rpm

Referenzen