Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2015:0749-1
Issue Date: 2015-03-30
CVE Numbers: CVE-2014-0191
It was discovered that libxml2 loaded external parameter entities even
when entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
The desktop must be restarted (log out, then log back in) for this update
to take effect.
– Scientific Linux Development Team