| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 May 2014 13:06:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2014:086 ] libxml2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:086 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libxml2 Date : May 12, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191 http://advisories.mageia.org/MGASA-2014-0214.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: e08199e8000aa742a349779d3ab2ec47 mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm e17921a9fc6178f4a9fc09d4bc032191 mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm 45a35d256df7c886d9032419f905f542 mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm eb09afc6effc053554a3ddbe85e1b81b mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm 886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: af207123c0b36ecc1d5c8be9f190d88d mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm 3e57b3303b180a7ea6cd66556a409645 mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm 4cbd6c336dddfd8fe721e9b7a56f4e1b mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm 77ccd9b969dca08ba7b268ea0a8db830 mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm 886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: ab5de5282ee7436abc25ee2bb79fcd29 mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 5b30b136874e9bdf04b1796b6f5e151f mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 87e9b64ac4d34cee3d06c597e418a32e mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 4099460529b00c3696b0034705b011a2 mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 5a41a0a6457ecdf8437394310b1e733b mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTcH8JmqjQ0CJFipgRArhNAKD0H0qIO50vfqU9t+es+fx2k4hlzwCgknXF LcgV2ulY90HTQVA1UKaszsw= =kKkr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists