[ MDVSA-2015:231 ] perl-XML-LibXML

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:231
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl-XML-LibXML
 Date    : May 7, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated perl-XML-LibXML package fixes security vulnerability:
 
 Tilmann Haak from xing.com discovered that XML::LibXML did not respect
 the expand_entities parameter to disable processing of external
 entities in some circumstances. This may allow attackers to gain
 read access to otherwise protected ressources, depending on how the
 library is used (CVE-2015-3451).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-

Leave a Reply