[arch-security] [ASA-201504-32] perl-xml-libxml: XML External Entity
Arch Linux Security Advisory ASA-201504-32
==========================================

Severity: low
Date    : 2015-04-30
CVE-ID  : CVE-2015-3451
Package : perl-xml-libxml
Type    : XML External Entity
Remote  : yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package perl-xml-libxml before version 2.0119-1 is affected by an
XML External Entity vulnerability.

Resolution
==========

Upgrade to 2.0119-1.

# pacman -Syu "perl-xml-libxml>=2.0119-1"

The problem has been fixed upstream in version 2.0119.

Workaround
==========

None.

Description
===========

Unset options are not preserved after a _clone() call (e.g. in
load_xml()), so the expand_entities setting is not preserved. This
results in an XML External Entity vulnerability.

Impact
======

This vulnerability may lead to the disclosure of confidential data,
denial of service, port scanning from the perspective of the machine
where the parser is located, and other system impacts.

References
==========

http://www.openwall.com/lists/oss-security/2015/04/30/1
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e946...
http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes
Christian Rebischke
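
A regression check for the behaviour in the Description, added here as an example and not taken from the advisory or from XML::LibXML: it parses a constructed document whose external entity points at a temporary canary file and reports whether a parser configured with expand_entities => 0 still expands it. The canary file, the entity name and the three call paths tested are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: verify that expand_entities => 0 is honored by the
# installed XML::LibXML, including across load_xml() on a parser object.
use strict;
use warnings;
use File::Temp qw(tempfile);
use XML::LibXML;

# Constructed canary file; its content must never show up in a parsed document.
my $canary = 'CANARY-' . $$ . '-' . time;
my ($fh, $path) = tempfile(UNLINK => 1);
print {$fh} $canary;
close $fh or die "close: $!";

# Constructed test document declaring an external entity that points at the canary.
my $xml = <<"XML";
<?xml version="1.0"?>
<!DOCTYPE r [ <!ENTITY e SYSTEM "file://$path"> ]>
<r>&e;</r>
XML

# True if the canary text was pulled into the document by entity expansion.
sub leaks {
    my ($doc) = @_;
    my $seen = $doc->toString . $doc->documentElement->textContent;
    return index($seen, $canary) >= 0;
}

my %opts = (expand_entities => 0, load_ext_dtd => 0, no_network => 1);
my %result;

# Path 1: options set in the constructor, then load_xml() on the object.
my $parser = XML::LibXML->new(%opts);
$result{'new() + $parser->load_xml'} = leaks($parser->load_xml(string => $xml));

# Path 2: same parser object through parse_string().
$result{'new() + $parser->parse_string'} = leaks($parser->parse_string($xml));

# Path 3: options passed directly to the class-method form of load_xml().
$result{'XML::LibXML->load_xml(%opts)'} =
    leaks(XML::LibXML->load_xml(string => $xml, %opts));

my $bad = 0;
for my $path_name (sort keys %result) {
    printf "%-32s %s\n", $path_name, $result{$path_name} ? 'ENTITY EXPANDED' : 'ok';
    $bad ||= $result{$path_name};
}
printf "XML::LibXML %s: expand_entities %s\n",
    XML::LibXML->VERSION, $bad ? 'NOT honored' : 'honored';
exit($bad ? 1 : 0);
```

The script exits non-zero if any call path expands the entity, so it can run as a post-upgrade check or in CI for code that parses untrusted XML.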