PT-2014-1860 · Xmlsoft+5 · Libxml2+5

Published 2014-10-16 · Updated 2024-06-15 · CVE-2014-3660

CVSS v2.0: 5.0 (Medium), vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

libxml2 versions prior to 2.9.2
libxml2-devel version 2.9.1
libxml2-debuginfo versions 2.6.26 and 2.9.1
libxml2-python version 2.9.1
libxml2-static version 2.9.1

Description

The libxml2 package is affected by a denial-of-service condition caused by excessive CPU consumption. It is triggered by a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. The vulnerability can be exploited remotely.

Recommendations

For libxml2 versions prior to 2.9.2, update to version 2.9.2 or later. For libxml2-devel version 2.9.1, update to a version that includes the fix for this issue. For libxml2-debuginfo versions 2.6.26 and 2.9.1, update to a version that includes the fix for this issue. For libxml2-python version 2.9.1, update to a version that includes the fix for this issue. For libxml2-static version 2.9.1, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the use of entity expansion in libxml2 until a patch is available.
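As an added illustration (not code from this advisory or from libxml2), the following Python estimates how much text a document's internal entity declarations would produce once expanded and rejects documents whose amplification exceeds a limit, the kind of gate a defender can place in front of a parser that substitutes entities. The entity names, the 10x threshold and the sample documents are constructed here for the example.

```python
import re
# Internal general entity declarations, e.g. <!ENTITY lol1 "&lol0;&lol0;">
ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&(\w+);")
INTERNAL_SUBSET = re.compile(r"<!DOCTYPE[^\[>]*\[(.*?)\]\s*>", re.S)

def internal_entities(doc):
    """Map entity name -> replacement text declared in the DOCTYPE internal subset."""
    m = INTERNAL_SUBSET.search(doc)
    if not m:
        return {}
    return {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(m.group(1))}

def expanded_size(name, entities, memo, active):
    """Characters produced by fully expanding &name;, following nested references."""
    if name in memo:
        return memo[name]
    if name in active:  # declaration loop (a -> b -> a): expansion would never finish
        return float("inf")
    value = entities.get(name)
    if value is None:  # undeclared, predefined or external entity: nothing expanded inline
        return 0
    active.add(name)
    size = len(ENTITY_REF.sub("", value)) + sum(
        expanded_size(r.group(1), entities, memo, active) for r in ENTITY_REF.finditer(value))
    active.discard(name)
    memo[name] = size
    return size

def expansion_ratio(doc):
    """Characters that references in element content expand to, divided by input size."""
    entities = internal_entities(doc)
    m = INTERNAL_SUBSET.search(doc)
    content = doc[m.end():] if m else doc
    memo, active = {}, set()
    expanded = sum(expanded_size(r.group(1), entities, memo, active) for r in ENTITY_REF.finditer(content))
    return expanded / len(doc)

def is_safe(doc, max_ratio=10.0):
    """Gate untrusted XML before it reaches a parser that substitutes entities (threshold is illustrative)."""
    return expansion_ratio(doc) <= max_ratio

def nested_entity_doc(depth, fanout):
    """Constructed sample: each level references the previous one `fanout` times."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        ref = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{ref}">')
    return f'<?xml version="1.0"?><!DOCTYPE a [{"".join(decls)}]><a>&lol{depth};</a>'
```

A document of a few hundred bytes with four nesting levels and fan-out 10 expands to 30,000 characters and is rejected, while an ordinary document with a handful of short entities passes.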


Related identifiers

ALT-PU-2014-2345
BDU:2015-07045
BDU:2015-07047
BDU:2015-07048
BDU:2015-07049
BDU:2015-07050
BDU:2015-07409
BDU:2015-09191
BDU:2015-09192
BDU:2015-09193
BDU:2015-09194
BDU:2015-09195
BDU:2015-09196
BDU:2015-09789
CESA-2014_1655
CVE-2014-3660
DLA-151-1
DLA-80-1
DSA-2978-2
DSA-3057-1
DSA-3057-2
MGASA-2014-0418
OPENSUSE-SU-2024:10192-1
RHSA-2014:1655
RHSA-2014:1885
RHSA-2014_1655
RHSA-2014_1885
SUSE-SU-2014_1440-1
SUSE-SU-2015_0003-1
USN-2389-1

Affected products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Libxml2