Mandriva Linux Security Advisory : perl-XML-LibXML (MDVSA-2015:231)
Medium Nessus Plugin ID 83284
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated perl-XML-LibXML package fixes security vulnerability :
Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected ressources, depending on how the library is used (CVE-2015-3451).
SolutionUpdate the affected perl-XML-LibXML package.