ELSA-2014-1885

Published: 20 Nov 2014
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2014-1885: libxml2 security update (MODERATE)

[2.6.26-2.1.25.0.1.el5_11]

  • Add libxml2-enterprise.patch
  • Replaced doc/redhat.gif in tarball with updated image

[2.6.26-2.1.25.el5]

  • CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1161841)

[2.6.26-2.1.24.el5]

  • fixed one regexp bug and added a (rhbz#922450)
  • Another small change on the algorithm for the elimination of epsilon (rhbz#922450)

[2.6.26-2.1.23.el5]

  • detect and stop excessive entities expansion upon replacement (rhbz#912573)

[2.6.26-2.1.22.el5]

  • fix validation issues with some XSD (rhbz#877348)
  • xmlDOMWrapCloneNode discards namespace of the node parameter (rhbz#884707)

Updated packages

Oracle Linux 5

Oracle Linux ia64

  • libxml2: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-devel: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-python: 2.6.26-2.1.25.0.1.el5_11

Oracle Linux x86_64

  • libxml2: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-devel: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-python: 2.6.26-2.1.25.0.1.el5_11

Oracle Linux i386

  • libxml2: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-devel: 2.6.26-2.1.25.0.1.el5_11
  • libxml2-python: 2.6.26-2.1.25.0.1.el5_11

Related CVEs

Related vulnerabilities

ubuntu
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

redhat
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

nvd
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

debian
almost 11 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...

github
more than 3 years ago

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.