Scientific Linux: SLSA-2014:1655-1 Moderate: libxml2 Denial Of Service Fix

Date: Wed, 22 Oct 2014 17:04:56 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libxml2 on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2014:1655-1
Issue Date: 2014-10-16
CVE Numbers: CVE-2014-3660
--

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption (denial
of service) based on excessive entity substitutions, even if entity
substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL6
 x86_64
 libxml2-2.7.6-17.el6_6.1.i686.rpm
 libxml2-2.7.6-17.el6_6.1.x86_64.rpm
 libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
 libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
 libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm
 libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
 libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
 libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm
 i386
 libxml2-2.7.6-17.el6_6.1.i686.rpm
 libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
 libxml2-python-2.7.6-17.el6_6.1.i686.rpm
 libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
 libxml2-static-2.7.6-17.el6_6.1.i686.rpm
SL7
 x86_64
 libxml2-2.9.1-5.el7_0.1.i686.rpm
 libxml2-2.9.1-5.el7_0.1.x86_64.rpm
 libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
 libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
 libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm
 libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
 libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
 libxml2-static-2.9.1-5.el7_0.1.i686.rpm
 libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

- Scientific Linux Development Team