Lucene search
RedHatRHSA-2015:0749HistoryMar 30, 2015 - 12:00 a.m.
(RHSA-2015:0749) Moderate: libxml2 security update
2015-03-3000:00:00
access.redhat.com
21
EPSS
0.024
Percentile
90.1%
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
It was discovered that libxml2 loaded external parameter entities even when
entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)
The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.
All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | libxml2 | < 2.9.1-5.el7_1.2 | libxml2-2.9.1-5.el7_1.2.x86_64.rpm |
| RedHat | 7 | ppc | libxml2-debuginfo | < 2.9.1-5.el7_1.2 | libxml2-debuginfo-2.9.1-5.el7_1.2.ppc.rpm |
| RedHat | 7 | ppc | libxml2-devel | < 2.9.1-5.el7_1.2 | libxml2-devel-2.9.1-5.el7_1.2.ppc.rpm |
| RedHat | 7 | ppc64 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.ppc64.rpm |
| RedHat | 7 | ppc64 | libxml2-debuginfo | < 2.9.1-5.el7_1.2 | libxml2-debuginfo-2.9.1-5.el7_1.2.ppc64.rpm |
| RedHat | 7 | s390 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.s390.rpm |
| RedHat | 7 | x86_64 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.x86_64.rpm |
| RedHat | 7 | x86_64 | libxml2-python | < 2.9.1-5.el7_1.2 | libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm |
| RedHat | 7 | i686 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.i686.rpm |
| RedHat | 7 | ppc | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.ppc.rpm |
Related
centos
centos
libxml2 security update
2015-04-01 03:26:34
libxml2 security update
2014-05-19 13:08:11
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libxml2-2.9.2-1.fc20
2015-01-02 05:01:49
[SECURITY] Fedora 21 Update: mingw-libxml2-2.9.2-1.fc21
2015-01-02 05:01:30
[SECURITY] Fedora 21 Update: libxml2-2.9.1-7.fc21
2015-04-07 07:30:19
debiancve
debiancve
CVE-2014-0191
2015-01-21 14:59:00
ibm
ibm
mageia
mageia
Updated libxml2 packages fix CVE-2014-0191
2014-05-10 23:46:24
Updated kdelibs4 packages fix security vulnerability and various bugs
2014-08-12 13:16:46
prion
prion
Design/Logic Flaw
2015-01-21 14:59:00
Design/Logic Flaw
2015-01-21 18:59:00
nessus
nessus
Amazon Linux AMI : libxml2 (ALAS-2014-341)
2014-10-12 00:00:00
openSUSE Security Update : libxml2 (openSUSE-SU-2014:0645-1)
2014-06-13 00:00:00
openvas
openvas
CentOS Update for libxml2 CESA-2015:0749 centos7
2015-04-01 00:00:00
Ubuntu: Security Advisory (USN-2214-1)
2014-05-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-341)
2015-09-08 00:00:00
debian
debian
[DLA-0016-1] libxml2 security update
2014-07-19 15:07:28
libxml2 security update
2014-07-19 14:43:46
libxml2 security update
2014-07-19 14:46:40
freebsd
freebsd
libxml2 -- entity substitution DoS
2013-12-03 00:00:00
veracode
veracode
XML External Entities (XXE)
2018-08-06 02:11:43
amazon
amazon
Medium: libxml2
2014-05-21 10:31:00
cvelist
cvelist
CVE-2014-0191
2015-01-21 02:00:00
CVE-2015-0386
2015-01-21 18:00:00
aix
aix
AIX libxml2 vulnerability,VIOS libxml2 vulnerability
2014-08-15 10:26:30
ubuntucve
ubuntucve
CVE-2014-0191
2014-05-07 00:00:00
securityvulns
securityvulns
libxml2 DoS
2014-05-07 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
Apple iOS multiple security vulnerabilities
2015-08-17 00:00:00
gentoo
gentoo
libxml2: Denial of service
2014-09-19 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2014-05-15 00:00:00
cve
cve
nvd
nvd
oraclelinux
oraclelinux
libxml2 security update
2014-05-19 00:00:00
libxml2 security update
2015-03-30 00:00:00
libxml2 security update
2015-12-07 00:00:00
osv
osv
libxml2 - security update
2015-02-07 00:00:00
libxml2 - security update
2014-07-11 00:00:00
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
2024-06-15 00:00:00
archlinux
archlinux
libxml2: Denial of service
2014-10-24 00:00:00
exploitpack
exploitpack
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
redhat
redhat
(RHSA-2014:0513) Moderate: libxml2 security update
2014-05-19 00:00:00
exploitdb
exploitdb
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
apple
apple
About the security content of Apple TV 7.2.1 - Apple Support
2017-01-23 03:54:31
About the security content of Apple TV 7.2.1
2016-02-25 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00