MDVSA-2013:017
- Nom du paquet
- libxml2
- Date
- 2013-03-05
- Advisory ID
- MDVSA-2013:017
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in libxml2:
A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement
was enabled. A remote attacker could provide a specially-crafted XML
file that, when processed by an application linked against libxml2,
would lead to excessive CPU consumption (CVE-2013-0338).
The updated packages have been upgraded to the 2.7.6 version and
patched to correct this issue.
Updated packages
MES5 i586
e3d2c325dbb2d33ea2839de58db1fa74 mes5/i586/libxml2_2-2.7.6-0.1mdvmes5.2.i586.rpm 567c33bce54fe89ec728e520e4c9bac2 mes5/i586/libxml2-devel-2.7.6-0.1mdvmes5.2.i586.rpm 18079083eb5e222383723eeae94c3a28 mes5/i586/libxml2-python-2.7.6-0.1mdvmes5.2.i586.rpm 7d75b05078300ea34c7e086d4f4b04a4 mes5/i586/libxml2-utils-2.7.6-0.1mdvmes5.2.i586.rpm 90e90f1098aababac24391b8e67fbeaa mes5/SRPMS/libxml2-2.7.6-0.1mdvmes5.2.src.rpm
MES5 x86_64
ab842379cfd78d886fc4e5d6f8205474 mes5/x86_64/lib64xml2_2-2.7.6-0.1mdvmes5.2.x86_64.rpm 1b4f5427a29f8499fce023d401914d8d mes5/x86_64/lib64xml2-devel-2.7.6-0.1mdvmes5.2.x86_64.rpm ebd9cb9095b6555afed217d194639953 mes5/x86_64/libxml2-python-2.7.6-0.1mdvmes5.2.x86_64.rpm bb0fa6697516e0ea613f838606df963b mes5/x86_64/libxml2-utils-2.7.6-0.1mdvmes5.2.x86_64.rpm 90e90f1098aababac24391b8e67fbeaa mes5/SRPMS/libxml2-2.7.6-0.1mdvmes5.2.src.rpm