Message-Id: <E1Wjo3U-00077l-Im@titan.mandriva.com>
Date: Mon, 12 May 2014 13:06:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:086 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:086
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : May 12, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Updated libxml2 packages fix a security vulnerability:
 
 It was discovered that libxml2, a library providing support to
 read, modify and write XML files, incorrectly performs entity
 substitution in the doctype prolog, even if the application using
 libxml2 disabled any entity substitution. A remote attacker could
 provide a specially-crafted XML file that, when processed, would lead
 to the exhaustion of CPU and memory resources or file descriptors
 (CVE-2014-0191).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
 http://advisories.mageia.org/MGASA-2014-0214.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 e08199e8000aa742a349779d3ab2ec47  mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm
 e17921a9fc6178f4a9fc09d4bc032191  mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm
 45a35d256df7c886d9032419f905f542  mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm
 eb09afc6effc053554a3ddbe85e1b81b  mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 af207123c0b36ecc1d5c8be9f190d88d  mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm
 3e57b3303b180a7ea6cd66556a409645  mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm
 4cbd6c336dddfd8fe721e9b7a56f4e1b  mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm
 77ccd9b969dca08ba7b268ea0a8db830  mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 ab5de5282ee7436abc25ee2bb79fcd29  mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 5b30b136874e9bdf04b1796b6f5e151f  mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 87e9b64ac4d34cee3d06c597e418a32e  mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 4099460529b00c3696b0034705b011a2  mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 
 5a41a0a6457ecdf8437394310b1e733b  mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTcH8JmqjQ0CJFipgRArhNAKD0H0qIO50vfqU9t+es+fx2k4hlzwCgknXF
LcgV2ulY90HTQVA1UKaszsw=
=kKkr
-----END PGP SIGNATURE-----
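
Added example, not part of the Mandriva advisory: because the flaw is reached through the doctype prolog, a service that only expects DTD-less XML can refuse any document carrying a DOCTYPE before handing it to a libxml2-based parser on a host that has not yet been updated. The function names and sample documents below are constructed for illustration, and the pre-filter uses Python's bundled expat parser rather than libxml2.

```python
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when untrusted XML carries a doctype prolog."""


def reject_doctype(data: bytes) -> None:
    """Scan `data` with expat and raise DoctypeRejected on any DOCTYPE.

    Assumption: the caller accepts only DTD-less XML, so refusing the whole
    prolog is acceptable. Nothing is fetched while scanning: expat skips
    external entities when no ExternalEntityRefHandler is installed.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Record what was seen so the rejection can be logged and triaged.
        detail = "internal subset" if has_internal_subset else "no internal subset"
        raise DoctypeRejected(
            f"DOCTYPE for <{name}> rejected (system id: {sysid!r}, {detail})"
        )

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def check_untrusted_xml(data: bytes):
    """Return (accepted, reason); only accepted input goes on to the real parser."""
    try:
        reject_doctype(data)
    except DoctypeRejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"not well-formed: {exc}"
    return True, "no doctype prolog"


# Constructed sample inputs (not taken from the advisory).
SAMPLE_PLAIN = b"<?xml version='1.0'?><order><id>42</id></order>"
SAMPLE_DOCTYPE = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE order [<!ENTITY note 'constructed sample'>]>"
    b"<order><id>&note;</id></order>"
)

if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_PLAIN), ("doctype", SAMPLE_DOCTYPE)):
        print(label, check_untrusted_xml(doc))
```

The filter does not replace the package update listed above; it only narrows what reaches the parser until the update is installed.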
