LinuxSecurity.com
Mandriva: 2014:086: libxml2
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:086
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : May 12, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Updated libxml2 packages fix security vulnerability:
 
 It was discovered that libxml2, a library providing support to
 read, modify and write XML files, incorrectly performs entity
 substitution in the doctype prolog, even if the application using
 libxml2 disabled any entity substitution. A remote attacker could
 provide a specially-crafted XML file that, when processed, would lead
 to the exhaustion of CPU and memory resources or file descriptors
 (CVE-2014-0191).
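
 The following is an added example, not part of the Mandriva advisory or of libxml2. For services that never need DTDs, it shows a pre-parse gate that refuses any input carrying a DOCTYPE before the document reaches the XML library, as defense in depth alongside the package update. The names reject_doctype and is_safe_to_parse and the sample documents are hypothetical.

```python
import xml.parsers.expat


class DoctypeForbidden(ValueError):
    """Raised when an untrusted document carries a DOCTYPE declaration."""


def reject_doctype(data: bytes) -> None:
    """Scan `data` with expat and raise DoctypeForbidden at the first DOCTYPE.

    The handler fires when the DOCTYPE is reached; raising from it aborts
    the scan at that point, so the rest of the document is not processed.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden(
            f"DOCTYPE {name!r} present "
            f"(internal subset: {bool(has_internal_subset)})"
        )

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)  # True: this buffer is the whole document


def is_safe_to_parse(data: bytes) -> bool:
    """True only for well-formed XML without a DOCTYPE."""
    try:
        reject_doctype(data)
    except DoctypeForbidden:
        return False
    except xml.parsers.expat.ExpatError:
        return False  # malformed input is refused as well
    return True


# Constructed sample inputs (not taken from the advisory).
PLAIN = b"<?xml version='1.0'?><order><id>42</id></order>"
WITH_DOCTYPE = (b"<?xml version='1.0'?>"
                b"<!DOCTYPE order [<!ENTITY who 'x'>]><order>&who;</order>")
MALFORMED = b"<order><id>42</order>"

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("doctype", WITH_DOCTYPE),
                       ("malformed", MALFORMED)):
        print(label, "accepted" if is_safe_to_parse(doc) else "refused")
```

 Only documents for which is_safe_to_parse returns True are handed on to the real parser; the gate does not replace installing the updated packages.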
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
 http://advisories.mageia.org/MGASA-2014-0214.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 e08199e8000aa742a349779d3ab2ec47  mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm
 e17921a9fc6178f4a9fc09d4bc032191  mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm
 45a35d256df7c886d9032419f905f542  mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm
 eb09afc6effc053554a3ddbe85e1b81b  mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 af207123c0b36ecc1d5c8be9f190d88d  mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm
 3e57b3303b180a7ea6cd66556a409645  mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm
 4cbd6c336dddfd8fe721e9b7a56f4e1b  mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm
 77ccd9b969dca08ba7b268ea0a8db830  mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm 
 886f3cdfedc2ec5dc24f860d36da6e6e  mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 ab5de5282ee7436abc25ee2bb79fcd29  mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 5b30b136874e9bdf04b1796b6f5e151f  mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 87e9b64ac4d34cee3d06c597e418a32e  mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
 4099460529b00c3696b0034705b011a2  mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm 
 5a41a0a6457ecdf8437394310b1e733b  mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 