Advisories ยป MGASA-2014-0214

Updated libxml2 packages fix CVE-2014-0191

Publication date: 10 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0191

Description

Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191).
                

References

SRPMS

4/core

3/core