Mageia Advisory: MGASA-2014-0214 - Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix CVE-2014-0191

Publication date: 10 May 2014
Modification date: 10 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0191

Description

Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191).

References

https://bugzilla.redhat.com/show_bug.cgi?id=1090976
https://bugs.mageia.org/show_bug.cgi?id=13338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

SRPMS

4/core

libxml2-2.9.1-2.1.mga4

3/core

libxml2-2.9.0-5.3.mga3

Advisories » MGASA-2014-0214

Updated libxml2 packages fix CVE-2014-0191

Description

References

SRPMS

4/core

3/core