ELSA-2014-1655

Published: 16 Oct 2014
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2014-1655: libxml2 security update (MODERATE)

[2.9.1-5.0.1.el7_0.1]

  • Update doc/redhat.gif in tarball
  • Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.9.1-5.1]

  • CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • libxml2: 2.7.6-17.0.1.el6_6.1
  • libxml2-devel: 2.7.6-17.0.1.el6_6.1
  • libxml2-python: 2.7.6-17.0.1.el6_6.1
  • libxml2-static: 2.7.6-17.0.1.el6_6.1

Oracle Linux i686

  • libxml2: 2.7.6-17.0.1.el6_6.1
  • libxml2-devel: 2.7.6-17.0.1.el6_6.1
  • libxml2-python: 2.7.6-17.0.1.el6_6.1
  • libxml2-static: 2.7.6-17.0.1.el6_6.1

Oracle Linux 7

Oracle Linux x86_64

  • libxml2: 2.9.1-5.0.1.el7_0.1
  • libxml2-devel: 2.9.1-5.0.1.el7_0.1
  • libxml2-python: 2.9.1-5.0.1.el7_0.1
  • libxml2-static: 2.9.1-5.0.1.el7_0.1

Related CVEs

Related vulnerabilities

ubuntu
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

redhat
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

nvd
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

debian
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...

github
more than 3 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.