libxml2: denial of service

Package(s):

libxml2

CVE #(s):

CVE-2014-0191

Created:

May 12, 2014

Updated:

April 1, 2015

Description:

From the Mageia advisory:

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors

Alerts:

openSUSE	openSUSE-SU-2015:2372-1	libxml2	2015-12-27
Oracle	ELSA-2015-2550	libxml2	2015-12-07
Fedora	FEDORA-2015-4719	libxml2	2015-04-11
Fedora	FEDORA-2015-4658	libxml2	2015-04-07
CentOS	CESA-2015:0749	libxml2	2015-04-01
Oracle	ELSA-2015-0749	libxml2	2015-03-30
Scientific Linux	SLSA-2015:0749-1	libxml2	2015-03-30
Red Hat	RHSA-2015:0749-01	libxml2	2015-03-30
Mandriva	MDVSA-2015:111	libxml2	2015-03-29
Debian-LTS	DLA-151-1	libxml2	2015-02-07
Debian	DSA-2978-2	libxml2	2015-02-06
Fedora	FEDORA-2014-17609	mingw-libxml2	2015-01-02
Fedora	FEDORA-2014-17573	mingw-libxml2	2015-01-02
Gentoo	201409-08	libxml2	2014-09-19
Oracle	ELSA-2014-1655	libxml2	2014-10-17
Debian	DSA-2978-1	libxml2	2014-07-11
Ubuntu	USN-2214-3	libxml2	2014-06-17
Ubuntu	USN-2214-2	libxml2	2014-06-09
openSUSE	openSUSE-SU-2014:0753-1	libxml2,	2014-06-04
openSUSE	openSUSE-SU-2014:0741-1	libxml2,	2014-06-02
openSUSE	openSUSE-SU-2014:0716-1	libxml2,	2014-05-27
openSUSE	openSUSE-SU-2014:0701-1	libxml2	2014-05-22
Oracle	ELSA-2014-0513	libxml2	2014-05-19
CentOS	CESA-2014:0513	libxml2	2014-05-19
Scientific Linux	SLSA-2014:0513-1	libxml2	2014-05-19
Red Hat	RHSA-2014:0513-01	libxml2	2014-05-19
Ubuntu	USN-2214-1	libxml2	2014-05-15
openSUSE	openSUSE-SU-2014:0645-1	libxml2	2014-05-15
Mandriva	MDVSA-2014:086	libxml2	2014-05-12
Mageia	MGASA-2014-0214	libxml2	2014-05-10