The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was discovered that libxml2 loaded external parameter entities even when
entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)

The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | libxml2 | < 2.9.1-5.el7_1.2 | libxml2-2.9.1-5.el7_1.2.x86_64.rpm |
RedHat | 7 | ppc | libxml2-debuginfo | < 2.9.1-5.el7_1.2 | libxml2-debuginfo-2.9.1-5.el7_1.2.ppc.rpm |
RedHat | 7 | ppc | libxml2-devel | < 2.9.1-5.el7_1.2 | libxml2-devel-2.9.1-5.el7_1.2.ppc.rpm |
RedHat | 7 | ppc64 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.ppc64.rpm |
RedHat | 7 | ppc64 | libxml2-debuginfo | < 2.9.1-5.el7_1.2 | libxml2-debuginfo-2.9.1-5.el7_1.2.ppc64.rpm |
RedHat | 7 | s390 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.s390.rpm |
RedHat | 7 | x86_64 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.x86_64.rpm |
RedHat | 7 | x86_64 | libxml2-python | < 2.9.1-5.el7_1.2 | libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm |
RedHat | 7 | i686 | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.i686.rpm |
RedHat | 7 | ppc | libxml2-static | < 2.9.1-5.el7_1.2 | libxml2-static-2.9.1-5.el7_1.2.ppc.rpm |
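
To check hosts against the table above, installed builds have to be ordered the way rpm orders them, because a plain string comparison ranks `10.el7` below `5.el7_1.2`. The following is an added example, not part of the advisory or of any Red Hat tooling. It assumes the table's `< 2.9.1-5.el7_1.2` means that older builds need the update, and it skips the caret rule found in newer rpm releases. The inventory lines and the names `needs_update`, `evr_cmp`, `split_evr`, `rpmvercmp` and `SAMPLE` are constructed for illustration.

```python
import re
from itertools import zip_longest
FIXED_EVR = "2.9.1-5.el7_1.2"  # fixed build taken from the advisory table (RHEL 7)
_TOKENS = re.compile(r"~|[0-9]+|[A-Za-z]+")  # separators such as . and _ are skipped

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does: -1, 0 or 1."""
    for x, y in zip_longest(_TOKENS.findall(a), _TOKENS.findall(b)):
        if x == y:
            continue
        if x == "~" or y == "~":        # a tilde sorts before anything, even end of string
            return -1 if x == "~" else 1
        if x is None or y is None:      # the side with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)  # 10 > 5, 01 == 1
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):  # epoch first, then version, then release
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(inventory, fixed=FIXED_EVR):
    """Return (name, evr) for every libxml2 package older than the fixed build."""
    rows = [line.split() for line in inventory.splitlines()]
    return [(r[0], r[1]) for r in rows if len(r) == 2
            and re.fullmatch(r"libxml2(-.+)?", r[0]) and evr_cmp(r[1], fixed) < 0]

# Constructed sample, shaped like: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
libxml2 2.9.1-5.el7
libxml2-python 2.9.1-5.el7_0.1
libxml2-devel 2.9.1-5.el7_1.2
libxml2-static 2.9.1-10.el7
bash 4.2.46-12.el7
"""
if __name__ == "__main__":
    print(needs_update(SAMPLE))
```

A package at or above the fixed build only shows that the update is installed; as the advisory states, the desktop still has to be restarted for it to take effect.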