Security update for libxml2
SUSE Security Update: Security update for libxml2
libxml2 has been updated to fix the following security
issue:
* CVE-2013-0338: libxml2 allowed context-dependent
attackers to cause a denial of service (CPU and memory
consumption) via an XML file containing an entity
declaration with long replacement text and many references
to this entity, aka "internal entity expansion" with linear
complexity.
Security Issue references:
* CVE-2013-0338
>
* CVE-2013-0339
>
* CVE-2012-5134
>
* CVE-2012-2807
>
* CVE-2011-3102
>
* CVE-2012-0841
>
* CVE-2011-3919
>
* CVE-2013-2877
>
Announcement ID: | SUSE-SU-2013:1627-1 |
Rating: | important |
References: | #829077 |
Affected Products: |
An update that fixes 8 vulnerabilities is now available.
Description:
libxml2 has been updated to fix the following security
issue:
* CVE-2013-0338: libxml2 allowed context-dependent
attackers to cause a denial of service (CPU and memory
consumption) via an XML file containing an entity
declaration with long replacement text and many references
to this entity, aka "internal entity expansion" with linear
complexity.
Security Issue references:
* CVE-2013-0338
* CVE-2013-0339
* CVE-2012-5134
* CVE-2012-2807
* CVE-2011-3102
* CVE-2012-0841
* CVE-2011-3919
* CVE-2013-2877
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
- libxml2-2.6.23-15.39.1
- libxml2-devel-2.6.23-15.39.1
- libxml2-python-2.6.23-15.39.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
- libxml2-32bit-2.6.23-15.39.1
- libxml2-devel-32bit-2.6.23-15.39.1
References:
- http://support.novell.com/security/cve/CVE-2011-3102.html
- http://support.novell.com/security/cve/CVE-2011-3919.html
- http://support.novell.com/security/cve/CVE-2012-0841.html
- http://support.novell.com/security/cve/CVE-2012-2807.html
- http://support.novell.com/security/cve/CVE-2012-5134.html
- http://support.novell.com/security/cve/CVE-2013-0338.html
- http://support.novell.com/security/cve/CVE-2013-0339.html
- http://support.novell.com/security/cve/CVE-2013-2877.html
- https://bugzilla.novell.com/829077
- http://download.suse.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3bc77cc8