Advisories » MGASA-2017-0009

Updated subversion packages fix security vulnerability

Publication date: 07 Jan 2017
Modification date: 07 Jan 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-8734

Description

Subversion's mod_dontdothat module and clients using http(s):// are
vulnerable to a denial-of-service attack caused by exponential XML
entity expansion. The attack, otherwise known as the "billion laughs
attack", targets XML parsers and can cause the targeted process to
consume an excessive amount of CPU resources or memory (CVE-2016-8734).
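
The exponential growth described above can be measured before any parser expands it. The following is an added example, not code from Subversion or from this advisory: it computes the fully expanded size of a document's entities without building the expanded text. The function names, the limits and the sample document are assumptions made for illustration, and the regex only handles simple quoted declarations in an internal DTD subset.

```python
import re

# Simplification: matches only plain internal declarations, <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

def parse_entities(xml_text):
    """Return {name: replacement_text}; the first declaration of a name wins."""
    entities = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        entities.setdefault(name, dq or sq)
    return entities

def entity_length(name, entities, cache, stack):
    """Expanded length of one entity, memoized so nested levels cost linear time."""
    if name in PREDEFINED:
        return 1
    if name not in entities:
        return len(name) + 2  # undeclared reference: counted as literal text
    if name in stack:
        raise ValueError(f"recursive entity reference: {name}")
    if name not in cache:
        cache[name] = expanded_length(entities[name], entities, cache, stack + (name,))
    return cache[name]

def expanded_length(text, entities, cache, stack=()):
    """Length of text after full expansion, computed without materializing it."""
    literal = len(ENTITY_REF.sub("", text))
    return literal + sum(entity_length(n, entities, cache, stack)
                         for n in ENTITY_REF.findall(text))

def check_document(xml_text, max_expanded=1_000_000, max_ratio=100):
    """Return (ok, expanded_size); ok is False when the expansion budget is exceeded."""
    entities = parse_entities(xml_text)
    body = xml_text[xml_text.find("]>") + 2:] if "]>" in xml_text else xml_text
    try:
        size = expanded_length(body, entities, {})
    except ValueError:
        return False, None  # entity cycles are rejected outright
    return (size <= max_expanded and size <= max_ratio * len(xml_text)), size

# Constructed sample: three nested levels, each referencing the previous ten times.
SAMPLE = '''<?xml version="1.0"?>
<!DOCTYPE r [
 <!ENTITY a "xxxxxxxxxx">
 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<r>&c;</r>'''
```

`check_document(SAMPLE, max_expanded=500)` returns `(False, 1008)`: each added level multiplies the expanded size by ten, while the document itself grows by only a few dozen bytes.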
                

References

SRPMS

5/core