MGASA-2013-0085
| Date: | March 3rd, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated libxml2 packages fix security vulnerability:
A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement was
enabled. A remote attacker could provide a specially-crafted XML file
that, when processed by an application linked against libxml2, would
lead to excessive CPU consumption (CVE-2013-0338).
Updated Packages:
i586:
libxml2_2-2.7.8-14.20120229.5.mga2.i586.rpm
libxml2-devel-2.7.8-14.20120229.5.mga2.i586.rpm
libxml2-python-2.7.8-14.20120229.5.mga2.i586.rpm
libxml2-utils-2.7.8-14.20120229.5.mga2.i586.rpm
libxml2-debug-2.7.8-14.20120229.5.mga2.i586.rpm
x86_64:
lib64xml2_2-2.7.8-14.20120229.5.mga2.x86_64.rpm
lib64xml2-devel-2.7.8-14.20120229.5.mga2.x86_64.rpm
libxml2-python-2.7.8-14.20120229.5.mga2.x86_64.rpm
libxml2-utils-2.7.8-14.20120229.5.mga2.x86_64.rpm
libxml2-debug-2.7.8-14.20120229.5.mga2.x86_64.rpm
SRPMS:
libxml2-2.7.8-14.20120229.5.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
https://rhn.redhat.com/errata/RHSA-2013-0581.html
https://bugs.mageia.org/show_bug.cgi?id=9228
