CentOS Errata and Security Advisory CESA-2013:0581
The libxml2 library is a development toolbox providing the implementation of various XML standards.
A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338)
All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-March/031298.html http://lists.centos.org/pipermail/centos-announce/2013-March/031665.html http://lists.centos.org/pipermail/centos-cr-announce/2013-March/007013.html
Affected packages: libxml2 libxml2-devel libxml2-python libxml2-static
Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0581.html