Oval Definition:oval:org.mitre.oval:def:25192
Revision Date:2014-09-01
Version:13
Title:ELSA-2014:0513: libxml2 security update (Moderate)
Description:The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2013-2877
CVE-2014-0191
ELSA-2014:0513-00
Platform(s):Oracle Linux 6
Product(s):libxml2
Definition Synopsis
  • Oracle Linux 6.x
  • AND rpm test
  • libxml2 is earlier than 0:2.7.6-14.el6_5.1
  • OR libxml2-devel is earlier than 0:2.7.6-14.el6_5.1
  • OR libxml2-python is earlier than 0:2.7.6-14.el6_5.1
  • OR libxml2-static is earlier than 0:2.7.6-14.el6_5.1