libxml2 security update

ID CESA-2013:0581
Type centos
Reporter CentOS Project
Modified 2013-03-09T00:45:23


CentOS Errata and Security Advisory CESA-2013:0581

The libxml2 library is a development toolbox providing the implementation of various XML standards.

A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

Merged security bulletin from advisories:

Affected packages: libxml2 libxml2-devel libxml2-python libxml2-static

Upstream details at: