Red Hat Bugzilla – Bug 999687
CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption
Last modified: 2015-11-05 04:10:21 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4701 to
the following vulnerability:
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows
remote attackers to read arbitrary files, send HTTP requests to
intranet servers, or cause a denial of service (CPU and memory
consumption) via XRDS data containing an external entity declaration
in conjunction with an entity reference, related to an XML External
Entity (XXE) issue.
Created php-pear-Auth-OpenID tracking bugs for this issue:
Affects: fedora-all [bug 999688]
php-pear-Auth-OpenID-2.2.2-7.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
php-pear-Auth-OpenID-2.2.2-7.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
php-pear-Auth-OpenID-2.2.2-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.