CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile: 85.6%
CentOS Errata and Security Advisory CESA-2013:0581
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in the way libxml2 performed string
substitutions when replacement of entity references with entity values was
enabled. A remote attacker could provide a specially crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)
All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-March/081422.html
https://lists.centos.org/pipermail/centos-announce/2013-March/081789.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-March/027083.html
Affected packages:
libxml2
libxml2-devel
libxml2-python
libxml2-static
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0581
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | libxml2 | < 2.6.26-2.1.21.el5_9.1 | libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm |
CentOS | 5 | i386 | libxml2-devel | < 2.6.26-2.1.21.el5_9.1 | libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm |
CentOS | 5 | i386 | libxml2-python | < 2.6.26-2.1.21.el5_9.1 | libxml2-python-2.6.26-2.1.21.el5_9.1.i386.rpm |
CentOS | 5 | x86_64 | libxml2 | < 2.6.26-2.1.21.el5_9.1 | libxml2-2.6.26-2.1.21.el5_9.1.x86_64.rpm |
CentOS | 5 | x86_64 | libxml2-devel | < 2.6.26-2.1.21.el5_9.1 | libxml2-devel-2.6.26-2.1.21.el5_9.1.x86_64.rpm |
CentOS | 5 | x86_64 | libxml2-python | < 2.6.26-2.1.21.el5_9.1 | libxml2-python-2.6.26-2.1.21.el5_9.1.x86_64.rpm |
CentOS | 6 | i686 | libxml2 | < 2.7.6-12.el6_4.1 | libxml2-2.7.6-12.el6_4.1.i686.rpm |
CentOS | 6 | i686 | libxml2-devel | < 2.7.6-12.el6_4.1 | libxml2-devel-2.7.6-12.el6_4.1.i686.rpm |