lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1S0C6z-00022F-20@titan.mandriva.com>
Date: Wed, 22 Feb 2012 14:20:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:023 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:023
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : February 22, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in libxml2:
 
 It was found that the hashing routine used by libxml2 arrays was
 susceptible to predictable hash collisions. Sending a specially-crafted
 message to an XML service could result in longer processing time,
 which could lead to a denial of service. To mitigate this issue,
 randomization has been added to the hashing function to reduce the
 chance of an attacker successfully causing intentional collisions
 (CVE-2012-0841).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
 https://bugzilla.redhat.com/show_bug.cgi?id=787067
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 c4a4de644600e3b89dedd642bc7606a1  2010.1/i586/libxml2_2-2.7.7-1.7mdv2010.2.i586.rpm
 b1160c067c0b7b50bfebb9adac8769b3  2010.1/i586/libxml2-devel-2.7.7-1.7mdv2010.2.i586.rpm
 e94d565354634255f818468319649dde  2010.1/i586/libxml2-python-2.7.7-1.7mdv2010.2.i586.rpm
 aa3315322ccbccc48055f2e8860b7868  2010.1/i586/libxml2-utils-2.7.7-1.7mdv2010.2.i586.rpm 
 ead392e09e89f2011263d05c99fa434b  2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 4f1ba56596e1ba6119a234e7389bc58e  2010.1/x86_64/lib64xml2_2-2.7.7-1.7mdv2010.2.x86_64.rpm
 582599db10d8e84e864463e8ff6fb07a  2010.1/x86_64/lib64xml2-devel-2.7.7-1.7mdv2010.2.x86_64.rpm
 b064e3da97a8c6a0810e375e1ae3e81c  2010.1/x86_64/libxml2-python-2.7.7-1.7mdv2010.2.x86_64.rpm
 b321e028246266da82411f9fdd49c74e  2010.1/x86_64/libxml2-utils-2.7.7-1.7mdv2010.2.x86_64.rpm 
 ead392e09e89f2011263d05c99fa434b  2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm

 Mandriva Linux 2011:
 9893954628d54b7bd22afe4aab629ef5  2011/i586/libxml2_2-2.7.8-6.5-mdv2011.0.i586.rpm
 908b43d457870436b177460b524aa281  2011/i586/libxml2-devel-2.7.8-6.5-mdv2011.0.i586.rpm
 0fe2037a51ef9a76dff60d3781ca2181  2011/i586/libxml2-python-2.7.8-6.5-mdv2011.0.i586.rpm
 062865bcf995d61848d2686f8d73a910  2011/i586/libxml2-utils-2.7.8-6.5-mdv2011.0.i586.rpm 
 af4ed80cff9385a905711d137b278ebd  2011/SRPMS/libxml2-2.7.8-6.5.src.rpm

 Mandriva Linux 2011/X86_64:
 ff02a21cf286b1ef892e90a95cb3816b  2011/x86_64/lib64xml2_2-2.7.8-6.5-mdv2011.0.x86_64.rpm
 e038a8a0f4d667e886337b71675e43bf  2011/x86_64/lib64xml2-devel-2.7.8-6.5-mdv2011.0.x86_64.rpm
 8b71ca0b796535eeba859405150ecdb1  2011/x86_64/libxml2-python-2.7.8-6.5-mdv2011.0.x86_64.rpm
 735d2815d09981de741cd8f145125b14  2011/x86_64/libxml2-utils-2.7.8-6.5-mdv2011.0.x86_64.rpm 
 af4ed80cff9385a905711d137b278ebd  2011/SRPMS/libxml2-2.7.8-6.5.src.rpm

 Mandriva Enterprise Server 5:
 99e5f8322dc90c2e56ceba63b2ed8fe1  mes5/i586/libxml2_2-2.7.1-1.11mdvmes5.2.i586.rpm
 d45b4507df61ebb818c610a6d8b3f171  mes5/i586/libxml2-devel-2.7.1-1.11mdvmes5.2.i586.rpm
 a2ccad748424c026aab45f4737cbc83f  mes5/i586/libxml2-python-2.7.1-1.11mdvmes5.2.i586.rpm
 41332d41df915e790b7802609345f91f  mes5/i586/libxml2-utils-2.7.1-1.11mdvmes5.2.i586.rpm 
 445537aab89c781bbaff02b0aa03460b  mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 76ef432df24b061b2458779ccfe04dcb  mes5/x86_64/lib64xml2_2-2.7.1-1.11mdvmes5.2.x86_64.rpm
 80a62a0e00e71223f1b88225c7c10ebe  mes5/x86_64/lib64xml2-devel-2.7.1-1.11mdvmes5.2.x86_64.rpm
 674a35a706c833b0594c0cb5491b7bc0  mes5/x86_64/libxml2-python-2.7.1-1.11mdvmes5.2.x86_64.rpm
 b76d3ed47e2f3c7c680f476ddb5e31d0  mes5/x86_64/libxml2-utils-2.7.1-1.11mdvmes5.2.x86_64.rpm 
 445537aab89c781bbaff02b0aa03460b  mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPRL2EmqjQ0CJFipgRAjOAAJ9Tpqp5UVFXxKhmCvd9yy+zQ1x9MACgko5e
cwcsWVBoqvTyL43hjW11YFU=
=gV7B
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ