libxml2: fix CVE-2014-0191 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Maxin B. John <maxin.john@enea.com>	2014-05-07 14:24:15 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-29 13:42:22 +0100
commit	090cb60d49587b5fdacc13fc85e7b1c656173739 (patch)
tree	4a609a883684db3e37bf8767f5f50ad0931430fc /meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
parent	2784c08229e33c59037146b3435002e5cdc5084d (diff)
download	poky-090cb60d49587b5fdacc13fc85e7b1c656173739.tar.gz

libxml2: fix CVE-2014-0191

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) (From OE-Core rev: 51f674ab1f7dac049060c58f89e84c5d1275a87b) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: