[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Mageia alert MGASA-2014-0214 (libxml2)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0214: Updated libxml2 packages fix CVE-2014-0191 


Date:
    	      Sat, 10 May 2014 21:46:34 +0200


Message-ID:
    	      <20140510194634.DEC965CB23@valstar.mageia.org>


MGASA-2014-0214 - Updated libxml2 packages fix CVE-2014-0191

Publication date: 10 May 2014
URL: http://advisories.mageia.org/MGASA-2014-0214.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0191

Description:
Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191).

References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1090976
- https://bugs.mageia.org/show_bug.cgi?id=13338
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

SRPMS:
- 4/core/libxml2-2.9.1-2.1.mga4
- 3/core/libxml2-2.9.0-5.3.mga3
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds