Advisories ยป MGASA-2013-0272

Updated php-pear-Auth_OpenID package fixes security vulnerability

Publication date: 13 Sep 2013
Modification date: 13 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4701

Description

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote
attackers to read arbitrary files, send HTTP requests to intranet
servers, or cause a denial of service (CPU and memory consumption) via
XRDS data containing an external entity declaration in conjunction with an
entity reference, related to an XML External Entity (XXE) issue
(CVE-2013-4701).

References

SRPMS

2/core

3/core