Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Arch Linux: 201504-32 Low: perl-xml-libxml XML External Entity Risk

Archlinux Large Esm H446
The package perl-xml-libxml before version 2.0119-1 is vulnerable to a XML-External-Entity-Vulnerability.
Arch Linux Security Advisory ASA-201504-32
========================================
Severity: low
Date    : 2015-04-30
CVE-ID  : CVE-2015-3451
Package : perl-xml-libxml
Type    : XML External Entity
Remote  : yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package perl-xml-libxml before version 2.0119-1 is vulnerable to a 
XML-External-Entity-Vulnerability.

Resolution
=========
Upgrade to 2.0119-1

# pacman -Syu "perl-xml-libxml>=2.0119-1"

The problem has been fixed upstream in version 2.0119.

Workaround
=========
None.

Description
==========
Unpreserved unset options after a _clone() call (e.g: in load_xml())
leads to not preserved expand_entities. Therefore it leads to a
XML-External-Entity Vulnerability.

Impact
=====
This vulnerability may lead to the disclosure of confidential data, denial of
service, port scanning from the perspective of the machine where the parser is
located, and other system impacts.

References
=========
https://www.openwall.com/lists/oss-security/2015/04/30/1

Your message here