First published: Tue May 12 2015(Updated: )
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xml-libxml Project Xml-libxml Perl | <=2.0118 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Canonical Ubuntu Linux | =15.04 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Fedoraproject Fedora | =20 | |
Fedoraproject Fedora | =21 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.