Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-723-1 libsoap-lite-perl

Debian Security Advisory

DLA-723-1 libsoap-lite-perl -- LTS security update

Date Reported:

25 Nov 2016

Affected Packages:

libsoap-lite-perl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-8978.

More information:

It was discovered that there was a Billion Laughs [0] XML expansion vulnerability in libsoap-lite-perl, a Perl implementation of a SOAP [1] client and server.

For Debian 7 Wheezy, this issue has been fixed in libsoap-lite-perl version 0.714-1+deb7u1.

We recommend that you upgrade your libsoap-lite-perl packages.

[0] https://en.wikipedia.org/wiki/Billion_laughs
[1] https://en.wikipedia.org/wiki/SOAP