DSA-2978-2 libxml2 -- libxml2ID: oval:org.secpod.oval:def:601952 | Date: (C)2015-02-13 (M)2023-12-18 |
Class: PATCH | Family: unix |
It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it"s used first in another entity referenced from an attribute value.