RHSA-2012:0324

Executive Summary

Summary
Title	libxml2 security update

Informations
Name	RHSA-2012:0324	First vendor Publication	2012-02-21
Vendor	RedHat	Last vendor Modification	2012-02-21
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0324.html

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Xmlsoft libxml2 cpe:/a:xmlsoft:libxml2:2.7.8 cpe:/a:xmlsoft:libxml2:2.7.7 cpe:/a:xmlsoft:libxml2:2.7.6 cpe:/a:xmlsoft:libxml2:2.7.5 cpe:/a:xmlsoft:libxml2:2.7.4 cpe:/a:xmlsoft:libxml2:2.7.3 cpe:/a:xmlsoft:libxml2:2.7.2 cpe:/a:xmlsoft:libxml2:2.7.1 cpe:/a:xmlsoft:libxml2:2.7.0 cpe:/a:xmlsoft:libxml2:2.6.9 cpe:/a:xmlsoft:libxml2:2.6.8 cpe:/a:xmlsoft:libxml2:2.6.7 cpe:/a:xmlsoft:libxml2:2.6.6 cpe:/a:xmlsoft:libxml2:2.6.5 cpe:/a:xmlsoft:libxml2:2.6.4 cpe:/a:xmlsoft:libxml2:2.6.32 cpe:/a:xmlsoft:libxml2:2.6.31 cpe:/a:xmlsoft:libxml2:2.6.30 cpe:/a:xmlsoft:libxml2:2.6.3 cpe:/a:xmlsoft:libxml2:2.6.29 cpe:/a:xmlsoft:libxml2:2.6.28 cpe:/a:xmlsoft:libxml2:2.6.27 cpe:/a:xmlsoft:libxml2:2.6.26 cpe:/a:xmlsoft:libxml2:2.6.25 cpe:/a:xmlsoft:libxml2:2.6.24 cpe:/a:xmlsoft:libxml2:2.6.23 cpe:/a:xmlsoft:libxml2:2.6.22 cpe:/a:xmlsoft:libxml2:2.6.21 cpe:/a:xmlsoft:libxml2:2.6.20 cpe:/a:xmlsoft:libxml2:2.6.2 cpe:/a:xmlsoft:libxml2:2.6.18 cpe:/a:xmlsoft:libxml2:2.6.17 cpe:/a:xmlsoft:libxml2:2.6.16 cpe:/a:xmlsoft:libxml2:2.6.14 cpe:/a:xmlsoft:libxml2:2.6.13 cpe:/a:xmlsoft:libxml2:2.6.12 cpe:/a:xmlsoft:libxml2:2.6.11 cpe:/a:xmlsoft:libxml2:2.6.1 cpe:/a:xmlsoft:libxml2:2.6.0 cpe:/a:xmlsoft:libxml2:2.5.8 cpe:/a:xmlsoft:libxml2:2.5.7 cpe:/a:xmlsoft:libxml2:2.5.4 cpe:/a:xmlsoft:libxml2:2.5.11 cpe:/a:xmlsoft:libxml2:2.5.10 cpe:/a:xmlsoft:libxml2:2.5.0 cpe:/a:xmlsoft:libxml2:2.4.9 cpe:/a:xmlsoft:libxml2:2.4.8 cpe:/a:xmlsoft:libxml2:2.4.7 cpe:/a:xmlsoft:libxml2:2.4.6 cpe:/a:xmlsoft:libxml2:2.4.5 cpe:/a:xmlsoft:libxml2:2.4.4 cpe:/a:xmlsoft:libxml2:2.4.30 cpe:/a:xmlsoft:libxml2:2.4.3 cpe:/a:xmlsoft:libxml2:2.4.29 cpe:/a:xmlsoft:libxml2:2.4.28 cpe:/a:xmlsoft:libxml2:2.4.27 cpe:/a:xmlsoft:libxml2:2.4.26 cpe:/a:xmlsoft:libxml2:2.4.25 cpe:/a:xmlsoft:libxml2:2.4.24 cpe:/a:xmlsoft:libxml2:2.4.23 cpe:/a:xmlsoft:libxml2:2.4.22 cpe:/a:xmlsoft:libxml2:2.4.21 cpe:/a:xmlsoft:libxml2:2.4.20 cpe:/a:xmlsoft:libxml2:2.4.2 cpe:/a:xmlsoft:libxml2:2.4.19 cpe:/a:xmlsoft:libxml2:2.4.18 cpe:/a:xmlsoft:libxml2:2.4.17 cpe:/a:xmlsoft:libxml2:2.4.16 cpe:/a:xmlsoft:libxml2:2.4.15 cpe:/a:xmlsoft:libxml2:2.4.14 cpe:/a:xmlsoft:libxml2:2.4.13 cpe:/a:xmlsoft:libxml2:2.4.12 cpe:/a:xmlsoft:libxml2:2.4.11 cpe:/a:xmlsoft:libxml2:2.4.10 cpe:/a:xmlsoft:libxml2:2.4.1 cpe:/a:xmlsoft:libxml2:2.3.9 cpe:/a:xmlsoft:libxml2:2.3.8 cpe:/a:xmlsoft:libxml2:2.3.7 cpe:/a:xmlsoft:libxml2:2.3.6 cpe:/a:xmlsoft:libxml2:2.3.5 cpe:/a:xmlsoft:libxml2:2.3.4 cpe:/a:xmlsoft:libxml2:2.3.3 cpe:/a:xmlsoft:libxml2:2.3.2 cpe:/a:xmlsoft:libxml2:2.3.14 cpe:/a:xmlsoft:libxml2:2.3.13 cpe:/a:xmlsoft:libxml2:2.3.12 cpe:/a:xmlsoft:libxml2:2.3.11 cpe:/a:xmlsoft:libxml2:2.3.10 cpe:/a:xmlsoft:libxml2:2.3.1 cpe:/a:xmlsoft:libxml2:2.3.0 cpe:/a:xmlsoft:libxml2:2.2.9 cpe:/a:xmlsoft:libxml2:2.2.8 cpe:/a:xmlsoft:libxml2:2.2.7 cpe:/a:xmlsoft:libxml2:2.2.6 cpe:/a:xmlsoft:libxml2:2.2.5 cpe:/a:xmlsoft:libxml2:2.2.4 cpe:/a:xmlsoft:libxml2:2.2.3 cpe:/a:xmlsoft:libxml2:2.2.2 cpe:/a:xmlsoft:libxml2:2.2.11 cpe:/a:xmlsoft:libxml2:2.2.10 cpe:/a:xmlsoft:libxml2:2.2.1 cpe:/a:xmlsoft:libxml2:2.2.0:beta cpe:/a:xmlsoft:libxml2:2.2.0 cpe:/a:xmlsoft:libxml2:2.1.1 cpe:/a:xmlsoft:libxml2:2.1.0 cpe:/a:xmlsoft:libxml2:2.0.0 cpe:/a:xmlsoft:libxml2:1.8.9 cpe:/a:xmlsoft:libxml2:1.8.7 cpe:/a:xmlsoft:libxml2:1.8.6 cpe:/a:xmlsoft:libxml2:1.8.5 cpe:/a:xmlsoft:libxml2:1.8.4 cpe:/a:xmlsoft:libxml2:1.8.3 cpe:/a:xmlsoft:libxml2:1.8.2 cpe:/a:xmlsoft:libxml2:1.8.16 cpe:/a:xmlsoft:libxml2:1.8.14 cpe:/a:xmlsoft:libxml2:1.8.13 cpe:/a:xmlsoft:libxml2:1.8.10 cpe:/a:xmlsoft:libxml2:1.8.1 cpe:/a:xmlsoft:libxml2:1.8.0 cpe:/a:xmlsoft:libxml2:1.7.4 cpe:/a:xmlsoft:libxml2:1.7.3 cpe:/a:xmlsoft:libxml2:1.7.2 cpe:/a:xmlsoft:libxml2:1.7.1 cpe:/a:xmlsoft:libxml2:1.7.0	124

Alert History

If you want to see full details history, please login or register.

Date	Informations
2012-12-21 17:23:55	Multiple Updates
2012-12-21 13:21:10	Multiple Updates

Type	Count
CPE ID(s)	124

Related	Severity
CVE-2012-0841	(Medium)

Same Subject	Severity
Login to view 6 more Alert(s)

RHSA-2012:0324

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU