MGASA-2012-0266
| Date: | September 13th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated ocaml-xml-light packages fix security vulnerability:
OCaml Xml-Light Library before r234 computes hash values without
restricting the ability to trigger hash collisions predictably,
which allows context-dependent attackers to cause a denial of service
(CPU consumption) via unspecified vectors (CVE-2012-3514).
Additionally, ocaml-dose3 has been rebuilt to include the updated
ocaml-xml-light.
Updated Packages:
Mageia 1:
ocaml-xml-light-2.2-18.1.mga1
ocaml-xml-light-devel-2.2-18.1.mga1
ocaml-dose3-2.9.2-2.2457.2.1.mga1
ocaml-dose3-devel-2.9.2-2.2457.2.1.mga1
Mageia 2:
ocaml-xml-light-2.2-19.1.mga2
ocaml-xml-light-devel-2.2-19.1.mga2
ocaml-dose3-2.9.10-3.1.mga2
ocaml-dose3-devel-2.9.10-3.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3514
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085828.html
https://bugs.mageia.org/show_bug.cgi?id=7276
