Date: Fri, 17 Oct 2014 16:09:36 +0200
From: "Thijs Kinkhorst" <>
Subject: libxml2 issue: billion laughs variant (CVE-2014-3660)


The Netherlands Cyber Security Center found a libxml2 issue, similar to
the original 'billion laughs' entity expansion attack. Upstream pushed out
a fix immediately (much to the regret of the NCSC, which wanted to do a
coordinated disclosure).

From the git logs, it seems it has been fixed in libxml2 2.9.2 and is
known as CVE-2014-3660:

Kind regards,

Thijs Kinkhorst
Debian Security Team
