IBM1A76084E77C86C1F4B7318A85A329C7046613D89AE99AAE3237475EF94445EA8Security Bulletin: PowerKVM is affected by a libxml2 vulnerability (CVE-2014-0191)
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Summary
PowerKVM is affected by libxml vulnerability CVE-2014-0191.
Vulnerability Details
CVEID: CVE-2014-0191**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function. A remote attacker could exploit this vulnerability using a specially-crafted XML document containing malicious attributes to consume all available CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93092 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Effective CVSS Score: 5.00
Affected Products and Versions
PowerKVM 2.1
Remediation/Fixes
Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.
Workarounds and Mitigations
none
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P