CVE-2012-0841

Priority
Medium
Description
libxml2 before 2.8.0 computes hash values without restricting the ability
to trigger hash collisions predictably, which allows context-dependent
attackers to cause a denial of service (CPU consumption) via crafted XML
data.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://www.openwall.com/lists/oss-security/2012/02/22/1
http://www.ubuntu.com/usn/usn-1376-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
https://bugzilla.redhat.com/show_bug.cgi?id=787067
Assigned-to
jdstrand
Package
Source: libxml2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.31.dfsg-2ubuntu1.8)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.7.6.dfsg-1ubuntu1.4)
Ubuntu 11.10 (Oneiric Ocelot):released (2.7.8.dfsg-4ubuntu0.2)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.7.8.dfsg-5.1ubuntu4)
Patches:
Patch:http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
Vendor:http://www.debian.org/security/2012/dsa-2417
Vendor:https://rhn.redhat.com/errata/RHSA-2012-0324.html
More Information

Valid XHTML 1.0 Strict

Updated: 2013-01-04 02:14:33 UTC (commit 6238)