Paketname
libxml2
Datum
2014-05-12
Advisory ID
MDVSA-2014:086
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to
read, modify and write XML files, incorrectly performs entity
substituton in the doctype prolog, even if the application using
libxml2 disabled any entity substitution. A remote attacker could
provide a specially-crafted XML file that, when processed, would lead
to the exhaustion of CPU and memory resources or file descriptors
(CVE-2014-0191).

Aktualisierte Pakete

MES5 i586

 e08199e8000aa742a349779d3ab2ec47  mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm
 e17921a9fc6178f4a9fc09d4bc032191  mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm
 45a35d256df7c886d9032419f905f542  mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm
 eb09afc6effc053554a3ddbe85e1b81b  mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

MBS1 x86_64

 ab5de5282ee7436abc25ee2bb79fcd29  mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 5b30b136874e9bdf04b1796b6f5e151f  mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 87e9b64ac4d34cee3d06c597e418a32e  mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 4099460529b00c3696b0034705b011a2  mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 
 5a41a0a6457ecdf8437394310b1e733b  mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm

MES5 x86_64

 af207123c0b36ecc1d5c8be9f190d88d  mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm
 3e57b3303b180a7ea6cd66556a409645  mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm
 4cbd6c336dddfd8fe721e9b7a56f4e1b  mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm
 77ccd9b969dca08ba7b268ea0a8db830  mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

Referenzen