exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3057-1

Debian Security Advisory 3057-1
Posted Oct 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3057-1 - Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-3660
SHA-256 | c144597c40829cd3ce82d549359e55e677fe9190523e5cc891a3339d0a6adef2

Debian Security Advisory 3057-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3057-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2014-3660
Debian Bug : 762864 765722 765770

Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

In addition, this update addresses a misapplied chunk for a patch
released in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak
regression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.8.0+dfsg1-7+wheezy2.

For the unstable distribution (sid), this problem has been fixed in
version 2.9.2+dfsg1-1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUTWUxAAoJEFb2GnlAHawEtjUH/1E5PCwl5WTG4AKIo90uefIE
0jO+JS4yMUeig4Ub39sZbvv0Zb0x7qdhJF5v6ku3QTYQN+xTAyIbqUvwpojvDXF5
YJOsTTSIuDX6jDtcHMamAD1yeKv5iGCO9YlnHIA6+cA17IpFNDiOuxM0GYkcvbVG
ytx8AmhpwVenC3tX+oWSojwOKG3UVJCzbbC2n7sJDqksB6efRt0LQHMOyaHCBO+0
GaYjZ4OkSCKot6/YYn/F0YTSzde03L8fC6fMwuWklpaFENgrtL9HnkrwZtRX9IbN
7jO/2FrMqdKu2h56LcwYLOmA+jV/vmGXCPmwzFLPTXE0ZazxdTl8aUw7EAOaefI=
=+Gp9
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close