BugTraq
[ MDVSA-2014:086 ] libxml2 May 12 2014 11:06AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:086
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libxml2
Date : May 12, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to
read, modify and write XML files, incorrectly performs entity
substituton in the doctype prolog, even if the application using
libxml2 disabled any entity substitution. A remote attacker could
provide a specially-crafted XML file that, when processed, would lead
to the exhaustion of CPU and memory resources or file descriptors
(CVE-2014-0191).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
http://advisories.mageia.org/MGASA-2014-0214.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
e08199e8000aa742a349779d3ab2ec47 mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm
e17921a9fc6178f4a9fc09d4bc032191 mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm
45a35d256df7c886d9032419f905f542 mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm
eb09afc6effc053554a3ddbe85e1b81b mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm
886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
af207123c0b36ecc1d5c8be9f190d88d mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm
3e57b3303b180a7ea6cd66556a409645 mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm
4cbd6c336dddfd8fe721e9b7a56f4e1b mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm
77ccd9b969dca08ba7b268ea0a8db830 mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm
886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
ab5de5282ee7436abc25ee2bb79fcd29 mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
5b30b136874e9bdf04b1796b6f5e151f mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
87e9b64ac4d34cee3d06c597e418a32e mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
4099460529b00c3696b0034705b011a2 mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
5a41a0a6457ecdf8437394310b1e733b mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTcH8JmqjQ0CJFipgRArhNAKD0H0qIO50vfqU9t+es+fx2k4hlzwCgknXF
LcgV2ulY90HTQVA1UKaszsw=
=kKkr
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus