path: root/scripts/lib/image/engine.py
author: Joe MacDonald <joe_macdonald@mentor.com> 2014-10-20 13:51:21 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-02-11 17:39:47 +0000
commit: de7bc57398aaeb84fc9370d025b87f7711986ada
tree: caa7c375d95d7cde68d98c85f1c57e88e12cc440 /scripts/lib/image/engine.py
parent: 54debe63cbd38dba56895541c434f895e158f70b
libxml2: fix CVE-2014-3660
It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substitution even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2.

References:
http://www.openwall.com/lists/oss-security/2014/10/17/7
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'scripts/lib/image/engine.py')
0 files changed, 0 insertions, 0 deletions