[security-announce] libxml2: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Aug 6 14:03:58 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory
=========================================================
Product/package: libxml2
Severity: Low
CVE Name: CVE-2015-1819
=========================================================
This security patch fixes a denial of service vulnerability
in libxml2.

Signed patch and README files
================================
0024-libxml2-CVE-2015-1819.patch
0024-libxml2-CVE-2015-1819.patch.sig
0024-libxml2-CVE-2015-1819.README.asc

Description
===========
A denial of service flaw was found in the way the libxml2
library parsed certain XML files. An attacker could provide
a specially crafted XML file that, when parsed by an
application using libxml2, could cause that application to
use an excessive amount of memory.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/5.0-beta-m400/\
Enea-Linux-5.0-beta-m400.tar.gz
tar zxf Enea-Linux-5.0-beta-m400.tar.gz
cd Enea-Linux-5.0-beta-m400/poky
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/5.0-beta-m400/patches/0024-libxml2-CVE-2015-1819.patch
wget https://linux.enea.com/5.0-beta-m400/patches/0024-libxml2-CVE-2015-1819.sig
gpg --verify 0024-libxml2-CVE-2015-1819.patch.sig
patch -p1 < ./0024-libxml2-CVE-2015-1819.patch
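
The verify and apply steps above, written as a wrapper that stops when the signature check fails. This is an added example, not part of the Enea advisory; the function name apply_verified_patch, its return codes and the GPG override variable are assumptions made here.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around the advisory's verify-then-apply step.
# GPG can be overridden (assumption, for testing); it defaults to the gpg binary.
GPG="${GPG:-gpg}"

# apply_verified_patch PATCH SIG [STRIP]
# Returns 0 if the patch was verified and applied, 2 on missing input,
# 3 on signature failure, 4 if the patch does not apply cleanly.
# Usage, from the poky directory:
#   apply_verified_patch 0024-libxml2-CVE-2015-1819.patch \
#                        0024-libxml2-CVE-2015-1819.patch.sig
apply_verified_patch() {
    patch_file=$1
    sig_file=$2
    strip=${3:-1}

    [ -r "$patch_file" ] && [ -r "$sig_file" ] || {
        echo "missing patch or signature file" >&2
        return 2
    }

    # Name the signed file explicitly instead of letting gpg infer it
    # from the signature's file name.
    if ! "$GPG" --verify "$sig_file" "$patch_file"; then
        echo "signature check failed, not applying $patch_file" >&2
        return 3
    fi

    # Dry run first so a conflict leaves the source tree untouched.
    if ! patch --dry-run -p"$strip" < "$patch_file" >/dev/null; then
        echo "patch does not apply cleanly, tree left unchanged" >&2
        return 4
    fi

    patch -p"$strip" < "$patch_file"
}
```

gpg --verify exits 0 for any valid signature made by a key in the local keyring, so the signer's public key still has to be imported and checked separately.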


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
