Bug 748561 (CVE-2012-0841) - VUL-0: CVE-2012-0841: libxml2: hash table collisions CPU usage DoS
Status: RESOLVED FIXED
Duplicates: 826676
Alias: CVE-2012-0841
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Deadline: 2013-10-22
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:released:11.4:45707 maint:relea...
Reported: 2012-02-23 09:44 UTC by Matthias Weckbecker
Modified: 2013-11-06 14:46 UTC
Description Matthias Weckbecker 2012-02-23 09:44:16 UTC
libxml2 is also prone to the recently published hash table collisions attack. The following commit resolves the issue and is available at:

http://git.gnome.org/browse/libxml2/commit?id=8973d58b7498fa5100a876815476b81fd1a2412a
Comment 1 Swamp Workflow Management 2012-02-23 09:45:09 UTC
The SWAMPID for this issue is 45697.
This issue was rated as moderate.
Please submit fixed packages by 2012-03-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by the security team.
Comment 2 Bernhard Wiedemann 2012-02-23 12:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (748561) was mentioned in
https://build.opensuse.org/request/show/106625 12.1 / libxml2
https://build.opensuse.org/request/show/106627 11.4 / libxml2
Comment 3 Swamp Workflow Management 2012-03-09 10:37:44 UTC
Update released for: libxml2, libxml2-debuginfo, libxml2-debuginfo-32bit, libxml2-debuginfo-x86, libxml2-debugsource, libxml2-devel, libxml2-doc
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 4 Swamp Workflow Management 2012-03-28 13:08:26 UTC
openSUSE-SU-2012:0421-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 748561
CVE References: CVE-2012-0841
Sources used:
openSUSE 12.1 (src):    libxml2-2.7.8+git20110708-3.5.1

Product List: openSUSE 12.1
Comment 7 Swamp Workflow Management 2012-05-16 17:01:15 UTC
Update released for: libxml2, libxml2-32bit, libxml2-64bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-devel-64bit, libxml2-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 8 Swamp Workflow Management 2012-05-16 18:39:23 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-debuginfo-32bit, libxml2-debuginfo-64bit, libxml2-debuginfo-x86, libxml2-debugsource, libxml2-devel, libxml2-devel-32bit, libxml2-doc, libxml2-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 9 Marcus Meissner 2012-05-16 22:13:33 UTC
released
Comment 10 Leonardo Chiquitto 2013-07-08 22:04:06 UTC
*** Bug 826676 has been marked as a duplicate of this bug. ***
Comment 11 Swamp Workflow Management 2013-10-15 08:52:42 UTC
The SWAMPID for this issue is 54710.
This issue was rated as important.
Please submit fixed packages by 2013-10-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by the security team.
Comment 12 Swamp Workflow Management 2013-11-04 12:51:24 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-python, libxml2-python-debuginfo, libxml2-test
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)