Lucene search

K
centosCentOS ProjectCESA-2008:0032
HistoryJan 11, 2008 - 2:30 p.m.

libxml2 security update

2008-01-1114:30:01
CentOS Project
lists.centos.org
48
centos
libxml2
xml manipulation

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.024

Percentile

90.2%

CentOS Errata and Security Advisory CESA-2008:0032

The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. (CVE-2007-6284)

Red Hat would like to thank the Google Security Team for responsibly
disclosing this issue.

All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-January/076731.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076732.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076735.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076737.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076739.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076740.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076751.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076752.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076763.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076764.html

Affected packages:
libxml2
libxml2-devel
libxml2-python

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0032

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.024

Percentile

90.2%