
[SECURITY] [DLA 80-1] libxml2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxml2
Version        : 2.7.8.dfsg-2+squeeze10
CVE ID         : CVE-2014-0191 CVE-2014-3660

Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser's default behavior.
(CVE-2014-3660)

In addition, this update addresses a misapplied chunk for a patch
released in the previous version (#762864).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
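
Added example, not part of the advisory or of libxml2: a service that must
accept untrusted XML can screen each document for DTD and entity declarations
before a libxml2-based consumer parses it, since a document without a DTD
cannot declare entities to substitute. The code uses Python's standard-library
expat bindings; the name screen_xml, its return labels and the sample
documents are assumptions made for this example.

```python
import xml.parsers.expat


class _Rejected(Exception):
    """Internal signal used to abort parsing from inside an expat handler."""


def screen_xml(data: bytes, allow_dtd: bool = False) -> str:
    """Classify untrusted XML before a libxml2-based consumer sees it.

    Returns "ok", "dtd", "entity" or "malformed". Parsing is aborted at the
    first DOCTYPE or entity declaration, so no entity is ever expanded here.
    """
    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Strict policy (default): any DOCTYPE at all is refused.
        if not allow_dtd:
            raise _Rejected("dtd")

    def on_entity_decl(name, is_parameter, value, base,
                       system_id, public_id, notation):
        # Fires for general and parameter entity declarations alike.
        raise _Rejected("entity")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except _Rejected as verdict:
        return verdict.args[0]
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "ok"


# Constructed sample documents (not taken from the advisory).
PLAIN = b"<r>hi</r>"
WITH_ENTITY = b'<!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'
DTD_ONLY = b"<!DOCTYPE r [<!ELEMENT r (#PCDATA)>]><r>hi</r>"

if __name__ == "__main__":
    for doc in (PLAIN, WITH_ENTITY, DTD_ONLY, b"<r>"):
        print(doc, "->", screen_xml(doc), "/", screen_xml(doc, allow_dtd=True))
```

With allow_dtd=True a DOCTYPE is tolerated but any entity declaration is
still refused; entities declared in an external subset are not seen by this
check, which is why refusing every DOCTYPE is the default.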

