what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3057-1

Debian Security Advisory 3057-1
Posted Oct 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3057-1 - Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-3660
SHA-256 | c144597c40829cd3ce82d549359e55e677fe9190523e5cc891a3339d0a6adef2

Debian Security Advisory 3057-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3057-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2014-3660
Debian Bug : 762864 765722 765770

Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

In addition, this update addresses a misapplied chunk for a patch
released in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak
regression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.8.0+dfsg1-7+wheezy2.

For the unstable distribution (sid), this problem has been fixed in
version 2.9.2+dfsg1-1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUTWUxAAoJEFb2GnlAHawEtjUH/1E5PCwl5WTG4AKIo90uefIE
0jO+JS4yMUeig4Ub39sZbvv0Zb0x7qdhJF5v6ku3QTYQN+xTAyIbqUvwpojvDXF5
YJOsTTSIuDX6jDtcHMamAD1yeKv5iGCO9YlnHIA6+cA17IpFNDiOuxM0GYkcvbVG
ytx8AmhpwVenC3tX+oWSojwOKG3UVJCzbbC2n7sJDqksB6efRt0LQHMOyaHCBO+0
GaYjZ4OkSCKot6/YYn/F0YTSzde03L8fC6fMwuWklpaFENgrtL9HnkrwZtRX9IbN
7jO/2FrMqdKu2h56LcwYLOmA+jV/vmGXCPmwzFLPTXE0ZazxdTl8aUw7EAOaefI=
=+Gp9
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close