Boletines de Vulnerabilidades

DSA-3057 libxml2 - security update

Información sobre el sistema
   
Software afectado Debian

Descripción
Sogeti found a denial of service flaw in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML file that, when processed by anapplication using libxml2, would lead to excessive CPU consumption(denial of service) based on excessive entity substitutions, even ifentity substitution was disabled, which is the parser default behavior.(CVE-2014-3660)

More info:

https://www.debian.org/security/2014/dsa-3057

Identificadores estándar
Propiedad Valor
CVE CVE-2014-3660 and DSA-3057.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-10-29

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT