Mageia alert MGASA-2012-0266 (ocaml-xml-light)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0266: ocaml-xml-light-2.2-18.1.mga1,
 ocaml-dose3-2.9.2-2.2457.2.1.mga1 (1/core), ocaml-xml-light-2.2-19.1.mga2,
 ocaml-dose3-2.9.10-3.1.mga2 (2/core) 
Date:
    	     
 
Thu, 13 Sep 2012 14:23:39 +0200
Message-ID:
    	     
 
<20120913122338.GA412@valstar.mageia.org>
Archive-link:
    	     
 
Article, Thread
              
MGASA-2012-0266
Date: 	September 13th, 2012
Affected releases: 	1, 2


Description:
Updated ocaml-xml-light packages fix security vulnerability:

OCaml Xml-Light Library before r234 computes hash values without
restricting the ability to trigger hash collisions predictably,
which allows context-dependent attackers to cause a denial of service
(CPU consumption) via unspecified vectors (CVE-2012-3514).

Additionally, ocaml-dose3 has been rebuilt to include the updated
ocaml-xml-light.


Updated Packages:
Mageia 1:
ocaml-xml-light-2.2-18.1.mga1
ocaml-xml-light-devel-2.2-18.1.mga1
ocaml-dose3-2.9.2-2.2457.2.1.mga1
ocaml-dose3-devel-2.9.2-2.2457.2.1.mga1

Mageia 2:
ocaml-xml-light-2.2-19.1.mga2
ocaml-xml-light-devel-2.2-19.1.mga2
ocaml-dose3-2.9.10-3.1.mga2
ocaml-dose3-devel-2.9.10-3.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3514
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=7276
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...