Updated libxml2 packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. The libxml2 library is a development toolbox providing the implementationof various XML standards.A denial of service flaw was found in the way libxml2 performed stringsubstitutions when entity values for entity references replacement wasenabled. A remote attacker could provide a specially-crafted XML file that,when processed by an application linked against libxml2, would lead toexcessive CPU consumption. All users of libxml2 are advised to upgrade to these updated packages,which contain a backported patch to correct this issue. The desktop mustbe restarted for this update to take effect.