Multiple Denial of Services vulnerabilities were found in libxml2.
Package | dev-libs/libxml2 on all architectures |
---|---|
Affected versions | < 2.7.3-r2 |
Unaffected versions | >= 2.7.3-r2 |
libxml2 is a library to manipulate XML files.
The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework:
A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition.
There is no known workaround at this time.
All libxml2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.3-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 30, 2009. It is likely that your system is already no longer affected by this issue.
Release date
September 21, 2010
Latest revision
September 21, 2010: 01
Severity
normal
Exploitable
remote
Bugzilla entries