Mandriva Linux Security Advisory 2012-023 - It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. The updated packages have been patched to correct this issue.
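The collision problem and the seeding mitigation described above, shown as an added example that is not part of the advisory and is not libxml2 code. It uses a toy multiplicative hash chosen for illustration; `toy_hash`, `max_chain` and the constructed "Aa"/"BB" keys are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 64
#define KEYLEN   8                 /* four 2-char blocks per key */
#define NKEYS    16                /* 2^4 block combinations     */

/* Toy string hash, NOT libxml2's routine. seed == 0 gives the classic
 * h = h*31 + c, in which "Aa" and "BB" always collide; a non-zero seed is
 * folded into every step so inputs prepared for seed 0 stop lining up. */
static uint32_t toy_hash(const char *s, uint32_t seed)
{
    uint32_t h = 0;
    for (; *s; s++)
        h = (h * 31u + (unsigned char)*s) ^ seed;
    return h;
}

/* Insert the 16 constructed keys (every mix of "Aa"/"BB" blocks) into a
 * chained table and return the longest chain, i.e. the worst-case lookup. */
static int max_chain(uint32_t seed)
{
    int count[NBUCKETS] = {0}, worst = 0;
    for (int i = 0; i < NKEYS; i++) {
        char key[KEYLEN + 1] = {0};
        for (int j = 0; j < KEYLEN / 2; j++)   /* bit j of i picks block j */
            memcpy(key + 2 * j, ((i >> j) & 1) ? "BB" : "Aa", 2);
        int n = ++count[toy_hash(key, seed) % NBUCKETS];
        if (n > worst)
            worst = n;
    }
    return worst;
}

int main(void)
{
    uint32_t seed = 0;
    FILE *f = fopen("/dev/urandom", "rb");     /* per-process secret seed */
    if (!f || fread(&seed, sizeof seed, 1, f) != 1)
        return 1;
    fclose(f);
    printf("fixed hash : longest chain %d of %d keys\n", max_chain(0), NKEYS);
    printf("seeded hash: longest chain %d of %d keys\n", max_chain(seed), NKEYS);
    return 0;
}
```

With the fixed hash every key lands in the same bucket, so each lookup walks the whole chain; with a seed the same keys spread over several buckets. The XOR mixing here is only strong enough for the demonstration; production hash tables use a keyed hash such as SipHash.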
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:023
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : February 22, 2012
Affected: 2010.1, 2011, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in libxml2:
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time,
which could lead to a denial of service. To mitigate this issue,
randomization has been added to the hashing function to reduce the
chance of an attacker successfully causing intentional collisions
(CVE-2012-0841).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
https://bugzilla.redhat.com/show_bug.cgi?id=787067
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
c4a4de644600e3b89dedd642bc7606a1 2010.1/i586/libxml2_2-2.7.7-1.7mdv2010.2.i586.rpm
b1160c067c0b7b50bfebb9adac8769b3 2010.1/i586/libxml2-devel-2.7.7-1.7mdv2010.2.i586.rpm
e94d565354634255f818468319649dde 2010.1/i586/libxml2-python-2.7.7-1.7mdv2010.2.i586.rpm
aa3315322ccbccc48055f2e8860b7868 2010.1/i586/libxml2-utils-2.7.7-1.7mdv2010.2.i586.rpm
ead392e09e89f2011263d05c99fa434b 2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
4f1ba56596e1ba6119a234e7389bc58e 2010.1/x86_64/lib64xml2_2-2.7.7-1.7mdv2010.2.x86_64.rpm
582599db10d8e84e864463e8ff6fb07a 2010.1/x86_64/lib64xml2-devel-2.7.7-1.7mdv2010.2.x86_64.rpm
b064e3da97a8c6a0810e375e1ae3e81c 2010.1/x86_64/libxml2-python-2.7.7-1.7mdv2010.2.x86_64.rpm
b321e028246266da82411f9fdd49c74e 2010.1/x86_64/libxml2-utils-2.7.7-1.7mdv2010.2.x86_64.rpm
ead392e09e89f2011263d05c99fa434b 2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm
Mandriva Linux 2011:
9893954628d54b7bd22afe4aab629ef5 2011/i586/libxml2_2-2.7.8-6.5-mdv2011.0.i586.rpm
908b43d457870436b177460b524aa281 2011/i586/libxml2-devel-2.7.8-6.5-mdv2011.0.i586.rpm
0fe2037a51ef9a76dff60d3781ca2181 2011/i586/libxml2-python-2.7.8-6.5-mdv2011.0.i586.rpm
062865bcf995d61848d2686f8d73a910 2011/i586/libxml2-utils-2.7.8-6.5-mdv2011.0.i586.rpm
af4ed80cff9385a905711d137b278ebd 2011/SRPMS/libxml2-2.7.8-6.5.src.rpm
Mandriva Linux 2011/X86_64:
ff02a21cf286b1ef892e90a95cb3816b 2011/x86_64/lib64xml2_2-2.7.8-6.5-mdv2011.0.x86_64.rpm
e038a8a0f4d667e886337b71675e43bf 2011/x86_64/lib64xml2-devel-2.7.8-6.5-mdv2011.0.x86_64.rpm
8b71ca0b796535eeba859405150ecdb1 2011/x86_64/libxml2-python-2.7.8-6.5-mdv2011.0.x86_64.rpm
735d2815d09981de741cd8f145125b14 2011/x86_64/libxml2-utils-2.7.8-6.5-mdv2011.0.x86_64.rpm
af4ed80cff9385a905711d137b278ebd 2011/SRPMS/libxml2-2.7.8-6.5.src.rpm
Mandriva Enterprise Server 5:
99e5f8322dc90c2e56ceba63b2ed8fe1 mes5/i586/libxml2_2-2.7.1-1.11mdvmes5.2.i586.rpm
d45b4507df61ebb818c610a6d8b3f171 mes5/i586/libxml2-devel-2.7.1-1.11mdvmes5.2.i586.rpm
a2ccad748424c026aab45f4737cbc83f mes5/i586/libxml2-python-2.7.1-1.11mdvmes5.2.i586.rpm
41332d41df915e790b7802609345f91f mes5/i586/libxml2-utils-2.7.1-1.11mdvmes5.2.i586.rpm
445537aab89c781bbaff02b0aa03460b mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
76ef432df24b061b2458779ccfe04dcb mes5/x86_64/lib64xml2_2-2.7.1-1.11mdvmes5.2.x86_64.rpm
80a62a0e00e71223f1b88225c7c10ebe mes5/x86_64/lib64xml2-devel-2.7.1-1.11mdvmes5.2.x86_64.rpm
674a35a706c833b0594c0cb5491b7bc0 mes5/x86_64/libxml2-python-2.7.1-1.11mdvmes5.2.x86_64.rpm
b76d3ed47e2f3c7c680f476ddb5e31d0 mes5/x86_64/libxml2-utils-2.7.1-1.11mdvmes5.2.x86_64.rpm
445537aab89c781bbaff02b0aa03460b mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPRL2EmqjQ0CJFipgRAjOAAJ9Tpqp5UVFXxKhmCvd9yy+zQ1x9MACgko5e
cwcsWVBoqvTyL43hjW11YFU=
=gV7B
-----END PGP SIGNATURE-----