author | Joe MacDonald <joe_macdonald@mentor.com> | 2014-10-20 13:51:21 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-11 17:40:04 +0000 |
commit | 41cca6fbe76206c4909dede4c8b8467e616e0c2b (patch) | |
tree | 0c38c5514c39f1f5d5704096fa0fcbfdce895fcd /meta-yocto-bsp | |
parent | de512045185dd8ac9b2bb2cbb189809d49006189 (diff) | |
download | poky-41cca6fbe76206c4909dede4c8b8467e616e0c2b.tar.gz |
libxml2: fix CVE-2014-3660
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete. It is still possible to have libxml2 incorrectly perform
entity substitution even when the application using libxml2 explicitly
disables the feature. This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.
References:
http://www.openwall.com/lists/oss-security/2014/10/17/7
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)
(From OE-Core rev: de7bc57398aaeb84fc9370d025b87f7711986ada)
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta-yocto-bsp')
0 files changed, 0 insertions, 0 deletions