ALT-PU-2015-1880-1
Package perl-XML-LibXML updated to version 2.0122-alt1 for branch sisyphus in task 151561.
Closed vulnerabilities
Published: 2015-05-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
Severity: MEDIUM (5.0)
References:
- http://advisories.mageia.org/MGASA-2015-0199.html
- http://advisories.mageia.org/MGASA-2015-0199.html
- http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes
- http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes
- FEDORA-2015-7115
- FEDORA-2015-7115
- FEDORA-2015-7258
- FEDORA-2015-7258
- openSUSE-SU-2015:1506
- openSUSE-SU-2015:1506
- DSA-3243
- DSA-3243
- MDVSA-2015:231
- MDVSA-2015:231
- [oss-security] 20150424 CVE request: Perl XML::LibXML
- [oss-security] 20150424 CVE request: Perl XML::LibXML
- [oss-security] 20150430 Re: CVE request: Perl XML::LibXML
- [oss-security] 20150430 Re: CVE request: Perl XML::LibXML
- 74333
- 74333
- USN-2592-1
- USN-2592-1
- https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/
- https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/