LinuxSecurity.com
Mandriva: 2012:023: libxml2
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:023
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : February 22, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in libxml2:
 
 It was found that the hashing routine used by libxml2 arrays was
 susceptible to predictable hash collisions. Sending a specially-crafted
 message to an XML service could result in longer processing time,
 which could lead to a denial of service. To mitigate this issue,
 randomization has been added to the hashing function to reduce the
 chance of an attacker successfully causing intentional collisions
 (CVE-2012-0841).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________
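
 Added example (not part of the Mandriva advisory and not libxml2 code): a toy shift-xor string hash showing why randomization mitigates the issue described above. Keys chosen to share one bucket under a fixed, publicly known seed spread out again once the seed changes. The hash function, table size, key format and seed values are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 251u   /* constructed table size */
#define NKEYS    64u    /* constructed number of keys */

/* Toy shift-xor string hash; illustrative only, not libxml2's routine. */
static uint32_t toy_hash(const char *s, uint32_t seed)
{
    uint32_t v = seed;
    for (; *s != '\0'; s++)
        v ^= (v << 5) + (v >> 3) + (unsigned char)*s;
    return v;
}

/* Collect NKEYS counters whose key "k<id>" falls in bucket 0 when the
 * seed is the fixed constant 0. Returns the number of keys found. */
static unsigned collect_colliding(uint32_t ids[NKEYS])
{
    char key[16];
    unsigned n = 0;
    for (uint32_t i = 0; n < NKEYS && i < 10000000u; i++) {
        snprintf(key, sizeof key, "k%u", (unsigned)i);
        if (toy_hash(key, 0) % NBUCKETS == 0)
            ids[n++] = i;
    }
    return n;
}

/* Longest bucket chain when the same keys are hashed under `seed`. */
static unsigned longest_chain(const uint32_t ids[NKEYS], uint32_t seed)
{
    unsigned count[NBUCKETS] = {0}, worst = 0;
    char key[16];
    for (unsigned i = 0; i < NKEYS; i++) {
        snprintf(key, sizeof key, "k%u", (unsigned)ids[i]);
        unsigned b = toy_hash(key, seed) % NBUCKETS;
        if (++count[b] > worst) worst = count[b];
    }
    return worst;
}

int main(void)
{
    uint32_t ids[NKEYS];
    if (collect_colliding(ids) != NKEYS) return 1;
    /* 0x9e3779b9 is a constructed stand-in for a per-table random seed. */
    printf("fixed seed:  longest chain %u\n", longest_chain(ids, 0));
    printf("secret seed: longest chain %u\n", longest_chain(ids, 0x9e3779b9u));
    return 0;
}
```

 With the fixed seed every lookup walks one chain holding all 64 keys; with a seed the sender cannot predict, the same input produces only short chains.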

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
 https://bugzilla.redhat.com/show_bug.cgi?id=787067
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 c4a4de644600e3b89dedd642bc7606a1  2010.1/i586/libxml2_2-2.7.7-1.7mdv2010.2.i586.rpm
 b1160c067c0b7b50bfebb9adac8769b3  2010.1/i586/libxml2-devel-2.7.7-1.7mdv2010.2.i586.rpm
 e94d565354634255f818468319649dde  2010.1/i586/libxml2-python-2.7.7-1.7mdv2010.2.i586.rpm
 aa3315322ccbccc48055f2e8860b7868  2010.1/i586/libxml2-utils-2.7.7-1.7mdv2010.2.i586.rpm 
 ead392e09e89f2011263d05c99fa434b  2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 4f1ba56596e1ba6119a234e7389bc58e  2010.1/x86_64/lib64xml2_2-2.7.7-1.7mdv2010.2.x86_64.rpm
 582599db10d8e84e864463e8ff6fb07a  2010.1/x86_64/lib64xml2-devel-2.7.7-1.7mdv2010.2.x86_64.rpm
 b064e3da97a8c6a0810e375e1ae3e81c  2010.1/x86_64/libxml2-python-2.7.7-1.7mdv2010.2.x86_64.rpm
 b321e028246266da82411f9fdd49c74e  2010.1/x86_64/libxml2-utils-2.7.7-1.7mdv2010.2.x86_64.rpm 
 ead392e09e89f2011263d05c99fa434b  2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm

 Mandriva Linux 2011:
 9893954628d54b7bd22afe4aab629ef5  2011/i586/libxml2_2-2.7.8-6.5-mdv2011.0.i586.rpm
 908b43d457870436b177460b524aa281  2011/i586/libxml2-devel-2.7.8-6.5-mdv2011.0.i586.rpm
 0fe2037a51ef9a76dff60d3781ca2181  2011/i586/libxml2-python-2.7.8-6.5-mdv2011.0.i586.rpm
 062865bcf995d61848d2686f8d73a910  2011/i586/libxml2-utils-2.7.8-6.5-mdv2011.0.i586.rpm 
 af4ed80cff9385a905711d137b278ebd  2011/SRPMS/libxml2-2.7.8-6.5.src.rpm

 Mandriva Linux 2011/X86_64:
 ff02a21cf286b1ef892e90a95cb3816b  2011/x86_64/lib64xml2_2-2.7.8-6.5-mdv2011.0.x86_64.rpm
 e038a8a0f4d667e886337b71675e43bf  2011/x86_64/lib64xml2-devel-2.7.8-6.5-mdv2011.0.x86_64.rpm
 8b71ca0b796535eeba859405150ecdb1  2011/x86_64/libxml2-python-2.7.8-6.5-mdv2011.0.x86_64.rpm
 735d2815d09981de741cd8f145125b14  2011/x86_64/libxml2-utils-2.7.8-6.5-mdv2011.0.x86_64.rpm 
 af4ed80cff9385a905711d137b278ebd  2011/SRPMS/libxml2-2.7.8-6.5.src.rpm

 Mandriva Enterprise Server 5:
 99e5f8322dc90c2e56ceba63b2ed8fe1  mes5/i586/libxml2_2-2.7.1-1.11mdvmes5.2.i586.rpm
 d45b4507df61ebb818c610a6d8b3f171  mes5/i586/libxml2-devel-2.7.1-1.11mdvmes5.2.i586.rpm
 a2ccad748424c026aab45f4737cbc83f  mes5/i586/libxml2-python-2.7.1-1.11mdvmes5.2.i586.rpm
 41332d41df915e790b7802609345f91f  mes5/i586/libxml2-utils-2.7.1-1.11mdvmes5.2.i586.rpm 
 445537aab89c781bbaff02b0aa03460b  mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 76ef432df24b061b2458779ccfe04dcb  mes5/x86_64/lib64xml2_2-2.7.1-1.11mdvmes5.2.x86_64.rpm
 80a62a0e00e71223f1b88225c7c10ebe  mes5/x86_64/lib64xml2-devel-2.7.1-1.11mdvmes5.2.x86_64.rpm
 674a35a706c833b0594c0cb5491b7bc0  mes5/x86_64/libxml2-python-2.7.1-1.11mdvmes5.2.x86_64.rpm
 b76d3ed47e2f3c7c680f476ddb5e31d0  mes5/x86_64/libxml2-utils-2.7.1-1.11mdvmes5.2.x86_64.rpm 
 445537aab89c781bbaff02b0aa03460b  mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________