CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS
Percentile: 82.9%

CentOS Errata and Security Advisory CESA-2012:0324

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-February/080612.html

Affected packages:
libxml2
libxml2-devel
libxml2-python
libxml2-static

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0324

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | libxml2 | < 2.7.6-4.el6_2.4 | libxml2-2.7.6-4.el6_2.4.i686.rpm |
CentOS | 6 | i686 | libxml2-devel | < 2.7.6-4.el6_2.4 | libxml2-devel-2.7.6-4.el6_2.4.i686.rpm |
CentOS | 6 | i686 | libxml2-python | < 2.7.6-4.el6_2.4 | libxml2-python-2.7.6-4.el6_2.4.i686.rpm |
CentOS | 6 | i686 | libxml2-static | < 2.7.6-4.el6_2.4 | libxml2-static-2.7.6-4.el6_2.4.i686.rpm |
CentOS | 6 | x86_64 | libxml2 | < 2.7.6-4.el6_2.4 | libxml2-2.7.6-4.el6_2.4.x86_64.rpm |
CentOS | 6 | x86_64 | libxml2-devel | < 2.7.6-4.el6_2.4 | libxml2-devel-2.7.6-4.el6_2.4.x86_64.rpm |
CentOS | 6 | x86_64 | libxml2-python | < 2.7.6-4.el6_2.4 | libxml2-python-2.7.6-4.el6_2.4.x86_64.rpm |
CentOS | 6 | x86_64 | libxml2-static | < 2.7.6-4.el6_2.4 | libxml2-static-2.7.6-4.el6_2.4.x86_64.rpm |
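
A defender-side check for the table above, as an added example (not part of the advisory or of any CentOS or Red Hat tooling): it orders package builds with a simplified RPM version comparison and flags the listed packages that are older than the fixed build. The function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed build from the advisory's package table; earlier builds are affected.
FIXED_EVR = "2.7.6-4.el6_2.4"
PACKAGES = ("libxml2", "libxml2-devel", "libxml2-python", "libxml2-static")

def rpmvercmp(a, b):
    """Order two version/release strings as RPM does (simplified: no '~' or '^')."""
    ta, tb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # extra segments are newer

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def evr_cmp(a, b):
    """Compare epoch, then version, then release; first difference decides."""
    return next((c for c in map(rpmvercmp, split_evr(a), split_evr(b)) if c), 0)

def is_affected(name, installed_evr):
    return name in PACKAGES and evr_cmp(installed_evr, FIXED_EVR) < 0

# Input: 'name version-release' lines, e.g. collected on each host with
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
def audit(inventory_text):
    rows = (tuple(line.split()) for line in inventory_text.splitlines())
    return [r for r in rows if len(r) == 2 and is_affected(*r)]

# Constructed sample inventory (not taken from a real host).
SAMPLE = """\
libxml2 2.7.6-4.el6_2.1
libxml2-python 2.7.6-4.el6_2.4
libxml2-devel 2.7.6-4.el6
libxml2-static 2.7.6-21.el6_8.1
openssl 1.0.0-20.el6
"""

if __name__ == "__main__":
    for name, evr in audit(SAMPLE):
        print(f"AFFECTED {name} {evr} (needs >= {FIXED_EVR})")
```

A plain string comparison would rank `21.el6_8.1` below `4.el6_2.4`; comparing segment by segment avoids that false positive.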