Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2014:1885-1
Issue Date: 2014-11-20
CVE Numbers: CVE-2014-3660
A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption (denial
of service) based on excessive entity substitutions, even if entity
substitution was disabled, which is the parser default behavior.
The desktop must be restarted (log out, then log back in) for this update
to take effect.
– Scientific Linux Development Team