[xml/sgml-pkgs] Bug#660846: libxml2: CVE-2012-0841 computational DoS attack via hash collisions
Nico Golde
nion at debian.org
Wed Feb 22 09:59:50 UTC 2012
Source: libxml2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.
CVE-2012-0841[0]:
| Juraj Somorovsky reported that certain XML parsers/servers are affected by the
| same, or similar, flaw as the hash table collisions CPU usage denial of
| service. Sending a specially crafted message to an XML service can result in
| longer processing time, which could lead to a denial of service. It is
| reported that this attack on XML can be applied on different XML nodes (such as
| entities, element attributes, namespaces, various elements in the XML security,
| etc.).
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Patch: http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://security-tracker.debian.org/tracker/CVE-2012-0841
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20120222/99ce07f2/attachment.pgp>
More information about the debian-xml-sgml-pkgs
mailing list