Date:         Wed, 22 Oct 2014 17:04:56 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Moderate: libxml2 on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Moderate: libxml2 security update
Advisory ID:       SLSA-2014:1655-1
Issue Date:        2014-10-16
CVE Numbers:       CVE-2014-3660
--

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption (denial
of service) based on excessive entity substitutions, even if entity
substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL6
  x86_64
    libxml2-2.7.6-17.el6_6.1.i686.rpm
    libxml2-2.7.6-17.el6_6.1.x86_64.rpm
    libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
    libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
    libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm
    libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
    libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
    libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm
  i386
    libxml2-2.7.6-17.el6_6.1.i686.rpm
    libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
    libxml2-python-2.7.6-17.el6_6.1.i686.rpm
    libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
    libxml2-static-2.7.6-17.el6_6.1.i686.rpm
SL7
  x86_64
    libxml2-2.9.1-5.el7_0.1.i686.rpm
    libxml2-2.9.1-5.el7_0.1.x86_64.rpm
    libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
    libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
    libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm
    libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
    libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
    libxml2-static-2.9.1-5.el7_0.1.i686.rpm
    libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

- Scientific Linux Development Team

SciLinux: CVE-2014-3660 Moderate: libxml2 SL6.x, SL7.x i386/x86_64

Moderate: libxml2 security update

Summary

Moderate: libxml2 security update



Security Fixes

Severity
Advisory ID: SLSA-2014:1655-1
Issued Date: : 2014-10-16
CVE Numbers: CVE-2014-3660
A denial of service flaw was found in libxml2, a library providing support

Related News