
Mandriva Linux Security Advisory 2014-086

Posted May 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-086 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-0191
SHA-256 | d404a08a5cc0f16dce907a42080b5f7aa2e914d54fe5089305065117c76c4b23


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:086
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libxml2
Date : May 12, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Updated libxml2 packages fix security vulnerability:

It was discovered that libxml2, a library providing support to
read, modify and write XML files, incorrectly performs entity
substitution in the doctype prolog, even if the application using
libxml2 disabled any entity substitution. A remote attacker could
provide a specially-crafted XML file that, when processed, would lead
to the exhaustion of CPU and memory resources or file descriptors
(CVE-2014-0191).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
http://advisories.mageia.org/MGASA-2014-0214.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
e08199e8000aa742a349779d3ab2ec47 mes5/i586/libxml2_2-2.7.6-0.2mdvmes5.2.i586.rpm
e17921a9fc6178f4a9fc09d4bc032191 mes5/i586/libxml2-devel-2.7.6-0.2mdvmes5.2.i586.rpm
45a35d256df7c886d9032419f905f542 mes5/i586/libxml2-python-2.7.6-0.2mdvmes5.2.i586.rpm
eb09afc6effc053554a3ddbe85e1b81b mes5/i586/libxml2-utils-2.7.6-0.2mdvmes5.2.i586.rpm
886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
af207123c0b36ecc1d5c8be9f190d88d mes5/x86_64/lib64xml2_2-2.7.6-0.2mdvmes5.2.x86_64.rpm
3e57b3303b180a7ea6cd66556a409645 mes5/x86_64/lib64xml2-devel-2.7.6-0.2mdvmes5.2.x86_64.rpm
4cbd6c336dddfd8fe721e9b7a56f4e1b mes5/x86_64/libxml2-python-2.7.6-0.2mdvmes5.2.x86_64.rpm
77ccd9b969dca08ba7b268ea0a8db830 mes5/x86_64/libxml2-utils-2.7.6-0.2mdvmes5.2.x86_64.rpm
886f3cdfedc2ec5dc24f860d36da6e6e mes5/SRPMS/libxml2-2.7.6-0.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
ab5de5282ee7436abc25ee2bb79fcd29 mbs1/x86_64/lib64xml2_2-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
5b30b136874e9bdf04b1796b6f5e151f mbs1/x86_64/lib64xml2-devel-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
87e9b64ac4d34cee3d06c597e418a32e mbs1/x86_64/libxml2-python-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
4099460529b00c3696b0034705b011a2 mbs1/x86_64/libxml2-utils-2.7.8-14.20120229.2.4.mbs1.x86_64.rpm
5a41a0a6457ecdf8437394310b1e733b mbs1/SRPMS/libxml2-2.7.8-14.20120229.2.4.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
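
An added example, not part of the Mandriva advisory: one way to audit a host inventory against the fixed libxml2 builds listed under "Updated Packages". The inventory line format, the host names and the older release strings in the sample are constructed, and the comparison is a simplified form of rpm's version ordering that ignores epochs and the `~`/`^` modifiers.

```python
import re

# Fixed builds taken from the "Updated Packages" list in MDVSA-2014:086,
# keyed by the distribution tag that appears in the package release string.
FIXED = {
    "mdvmes5": ("2.7.6", "0.2mdvmes5.2"),          # Enterprise Server 5
    "mbs1": ("2.7.8", "14.20120229.2.4.mbs1"),     # Business Server 1
}
LIB_PACKAGES = {"libxml2_2", "lib64xml2_2"}  # runtime library, i586 / x86_64

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(inventory):
    """Return {host: status} for lines of 'host name version release'."""
    result = {}
    for line in inventory.strip().splitlines():
        host, name, version, release = line.split()
        if name not in LIB_PACKAGES:
            continue  # only the shared library package decides exposure
        tag = next((t for t in FIXED if t in release), None)
        if tag is None:
            result[host] = "unknown-distro"
        else:
            fixed_ver, fixed_rel = FIXED[tag]
            order = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
            result[host] = "patched" if order >= 0 else "vulnerable"
    return result

# Constructed sample inventory: per-host output of
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'  prefixed with the host name.
SAMPLE = """
web01 lib64xml2_2 2.7.8 14.20120229.2.4.mbs1
web02 lib64xml2_2 2.7.8 14.20120229.2.3.mbs1
db01  libxml2_2   2.7.6 0.1mdvmes5.2
db02  libxml2_2   2.7.6 0.2mdvmes5.2
app01 libxml2-utils 2.7.6 0.1mdvmes5.2
"""
```

Calling `audit(SAMPLE)` returns one status per host; processes that loaded the old library before the update keep using it until they are restarted.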