Nom du paquet
libxml2
Date
2013-07-24
Advisory ID
MDVSA-2013:198
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in libxml2:

A denial of service flaw was found in the way libxml2, a library
providing support to read, modify and write XML and HTML files,
performed string substitutions when entity values for external
entity references replacement (--noent option) was requested /
enabled during the XML file parsing. A remote attacker could provide
a specially-crafted XML file containing an external entity expansion,
when processed would lead to excessive CPU consumption (denial of
service) (CVE-2013-0339). This a different flaw from CVE-2013-0338.

parser.c in libxml2 before 2.9.0, as used in Google Chrome before
28.0.1500.71 and other products, allows remote attackers to cause
a denial of service (out-of-bounds read) via a document that ends
abruptly, related to the lack of certain checks for the XML_PARSER_EOF
state (CVE-2013-2877).

The updated packages have been patched to correct these issues.

Updated packages

MBS1 x86_64

 4ad243c16e07e9f6850513c57cd1aa74  mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.3.mbs1.x86_64.rpm
 5bae4c7471edb1a4dfe267588b8f9160  mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.3.mbs1.x86_64.rpm
 6800af0e5ca73cccc48bf35596e57ee0  mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.3.mbs1.x86_64.rpm
 8af9449c2a438abccd86ff5d044b2e71  mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.3.mbs1.x86_64.rpm 
 956fd0fbd8ccd0a705747ea469b87ff7  mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.3.mbs1.src.rpm

References