Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 30 Mar 2015 15:27:36 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: libxml2 on SL7.x x86_64 MIME-Version: 1.0 Synopsis: Moderate: libxml2 security update Advisory ID: SLSA-2015:0749-1 Issue Date: 2015-03-30 CVE Numbers: CVE-2014-0191 -- It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The desktop must be restarted (log out, then log back in) for this update to take effect. -- SL7 x86_64 libxml2-2.9.1-5.el7_1.2.i686.rpm libxml2-2.9.1-5.el7_1.2.x86_64.rpm libxml2-debuginfo-2.9.1-5.el7_1.2.i686.rpm libxml2-debuginfo-2.9.1-5.el7_1.2.x86_64.rpm libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm libxml2-devel-2.9.1-5.el7_1.2.i686.rpm libxml2-devel-2.9.1-5.el7_1.2.x86_64.rpm libxml2-static-2.9.1-5.el7_1.2.i686.rpm libxml2-static-2.9.1-5.el7_1.2.x86_64.rpm - Scientific Linux Development Team