Posted: Wed Dec 10, 2014 10:26 am Post subject: [ GLSA 201412-06 ] libxml2: Denial of Service
Gentoo Linux Security Advisory
Title: libxml2: Denial of Service (GLSA 201412-06)
Exploitable: local, remote
Date: December 10, 2014
A vulnerability in libxml2 could result in Denial of Service.
libxml2 is the XML C parser and toolkit developed for the Gnome project.
Vulnerable: < 2.9.2
Unaffected: >= 2.9.2
Architectures: All supported architectures
parser.c in libxml2 before 2.9.2 does not properly prevent entity
expansion even when entity substitution has been disabled.
A context-dependent attacker could entice a user to open a specially
crafted XML file using an application linked against libxml2, possibly
resulting in a Denial of Service condition.
There is no known workaround at this time.
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.
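The affected range given above ("< 2.9.2") can be checked on a host or across an inventory with a comparison that follows Portage version ordering. This is an added example, not part of the advisory; the function names ver_cmp and libxml2_status and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): test a dev-libs/libxml2 version
# string against the GLSA 201412-06 range "Vulnerable: < 2.9.2".
FIXED="2.9.2"   # first unaffected version, taken from the advisory

# ver_cmp A B: print -1, 0 or 1 for dotted numeric versions A <, =, > B.
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# libxml2_status VERSION: print "vulnerable", "unaffected" or "unknown".
# Follows Portage ordering: -rN revisions and _pN patch levels stay on the
# same side of the boundary; _alpha/_beta/_pre/_rc sort before the release.
libxml2_status() {
    v=${1%-r[0-9]*}; pre=""
    case $v in
        *_alpha*|*_beta*|*_pre*|*_rc*) pre=1; v=${v%%_*} ;;
        *_p[0-9]*) v=${v%%_*} ;;
    esac
    case $v in
        ""|.*|*.|*..*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    case $(ver_cmp "$v" "$FIXED") in
        -1) echo vulnerable ;;
        0)  if [ -n "$pre" ]; then echo vulnerable; else echo unaffected; fi ;;
        *)  echo unaffected ;;
    esac
}

# Constructed sample versions, then the local library if xml2-config exists.
for s in 2.9.1-r4 2.9.2_rc1 2.9.2 2.9.2-r1 2.10.0 2.7.8; do
    printf '%-12s %s\n' "$s" "$(libxml2_status "$s")"
done
if command -v xml2-config >/dev/null 2>&1; then
    inst=$(xml2-config --version)
    printf 'installed %s: %s\n' "$inst" "$(libxml2_status "$inst")"
fi
```

The comparison is numeric per component, so 2.10.0 is correctly treated as newer than 2.9.2, which a plain string comparison would get wrong.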