libxml2 security update

2013-03-01T00:45:13
ID CESA-2013:0581
Type centos
Reporter CentOS Project
Modified 2013-03-09T00:45:23

Description

CentOS Errata and Security Advisory CESA-2013:0581

The libxml2 library is a development toolbox providing the implementation of various XML standards.

A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-March/031298.html http://lists.centos.org/pipermail/centos-announce/2013-March/031665.html http://lists.centos.org/pipermail/centos-cr-announce/2013-March/007013.html

Affected packages: libxml2 libxml2-devel libxml2-python libxml2-static

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0581.html