Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Scientific Linux: SLSA-2015:2550-1 Moderate: libxml2 DoS Security Fix

Scientific Large Esm H446
Moderate: libxml2 security update
Date: Mon, 21 Dec 2015 23:16:49 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libxml2 on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231649.18997.90942@slpackages.fnal.gov>

Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2015:2550-1
Issue Date: 2015-12-07
CVE Numbers: CVE-2015-1819
 CVE-2015-7941
 CVE-2015-7942
 CVE-2015-5312
 CVE-2015-7497
 CVE-2015-7498
 CVE-2015-7499
 CVE-2015-8317
 CVE-2015-8241
 CVE-2015-7500
 CVE-2015-8242
--

Several denial of service flaws were found in libxml2, a library providing
support for reading, modifying, and writing XML and HTML files. A remote
attacker could provide a specially crafted XML or HTML file that, when
processed by an application using libxml2, would cause that application to
use an excessive amount of CPU, leak potentially sensitive information, or
in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,
CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,
CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,
BZ#1281955)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL7
 x86_64
 libxml2-2.9.1-6.el7_2.2.i686.rpm
 libxml2-2.9.1-6.el7_2.2.x86_64.rpm
 libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm
 libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm
 libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
 libxml2-devel-2.9.1-6.el7_2.2.i686.rpm
 libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm
 libxml2-static-2.9.1-6.el7_2.2.i686.rpm
 libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm

- Scientific Linux Development Team