Advisories » MGASA-2015-0199

Updated perl-XML-LibXML packages fix CVE-2015-3451

Publication date: 06 May 2015
Modification date: 06 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3451

Description

Updated perl-XML-LibXML package fixes security vulnerability:

Tilmann Haak from xing.com discovered that XML::LibXML did not respect the
expand_entities parameter to disable processing of external entities in some
circumstances. This may allow attackers to gain read access to otherwise
protected ressources, depending on how the library is used (CVE-2015-3451).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15803
• https://www.debian.org/security/2015/dsa-3243
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451

SRPMS

4/core

• perl-XML-LibXML-2.10.0-2.1.mga4