ELSA-2013-0581 -- Oracle libxml2ID: oval:org.secpod.oval:def:1500068 | Date: (C)2013-03-20 (M)2023-12-07 |
Class: PATCH | Family: unix |
Updated libxml2 packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. The libxml2 library is a development toolbox providing the implementationof various XML standards.A denial of service flaw was found in the way libxml2 performed stringsubstitutions when entity values for entity references replacement wasenabled. A remote attacker could provide a specially-crafted XML file that,when processed by an application linked against libxml2, would lead toexcessive CPU consumption. All users of libxml2 are advised to upgrade to these updated packages,which contain a backported patch to correct this issue. The desktop mustbe restarted for this update to take effect.