Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Arch Linux: 201504-32 Low: perl-xml-libxml XML External Entity Risk

Calendar Apr 30, 2015 User Avatar LinuxSecurity Advisories
1 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory remote threat low severity Arch Linux XML Entity perl-xml-libxml XML issue
The package perl-xml-libxml before version 2.0119-1 is vulnerable to a XML-External-Entity-Vulnerability. 
Arch Linux Security Advisory ASA-201504-32
========================================
Severity: low
Date    : 2015-04-30
CVE-ID  : CVE-2015-3451
Package : perl-xml-libxml
Type    : XML External Entity
Remote  : yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package perl-xml-libxml before version 2.0119-1 is vulnerable to a 
XML-External-Entity-Vulnerability.

Resolution
=========
Upgrade to 2.0119-1

# pacman -Syu "perl-xml-libxml>=2.0119-1"

The problem has been fixed upstream in version 2.0119.

Workaround
=========
None.

Description
==========
Unpreserved unset options after a _clone() call (e.g: in load_xml())
leads to not preserved expand_entities. Therefore it leads to a
XML-External-Entity Vulnerability.

Impact
=====
This vulnerability may lead to the disclosure of confidential data, denial of
service, port scanning from the perspective of the machine where the parser is
located, and other system impacts.

References
=========
https://www.openwall.com/lists/oss-security/2015/04/30/1

Related News

Your message here