LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

libxml2: denial of service

Package(s):libxml2 CVE #(s):CVE-2013-0338
Created:March 1, 2013 Updated:March 28, 2013
Description:

From the Red hat advisory:

A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption.

Alerts:
Red Hat RHSA-2013:0581-01 2013-02-28
Oracle ELSA-2013-0581 2013-02-28
CentOS CESA-2013:0581 2013-03-01
Scientific Linux SL-libx-20130228 2013-02-28
Oracle ELSA-2013-0581 2013-03-01
Mageia MGASA-2013-0085 2013-03-03
Mandriva MDVSA-2013:017 2013-03-05
CentOS CESA-2013:0581 2013-03-09
Debian DSA-2652-1 2013-03-26
openSUSE openSUSE-SU-2013:0552-1 2013-03-27
openSUSE openSUSE-SU-2013:0555-1 2013-03-27
Ubuntu USN-1782-1 2013-03-28
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds