PublicDateAtUSN: 2012-02-22
Candidate: CVE-2012-0841
PublicDate: 2012-12-21 05:46:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
 http://www.openwall.com/lists/oss-security/2012/02/22/1
 https://ubuntu.com/security/notices/USN-1376-1
Description:
 libxml2 before 2.8.0 computes hash values without restricting the ability
 to trigger hash collisions predictably, which allows context-dependent
 attackers to cause a denial of service (CPU consumption) via crafted XML
 data.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
 https://bugzilla.redhat.com/show_bug.cgi?id=787067
Priority: medium
Discovered-by: Juraj Somorovsky
Assigned-to: jdstrand
CVSS: 

Patches_libxml2:
 other: http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
 vendor: http://www.debian.org/security/2012/dsa-2417
 vendor: https://rhn.redhat.com/errata/RHSA-2012-0324.html
upstream_libxml2: needs-triage
hardy_libxml2: released (2.6.31.dfsg-2ubuntu1.8)
lucid_libxml2: released (2.7.6.dfsg-1ubuntu1.4)
maverick_libxml2: released (2.7.7.dfsg-4ubuntu0.4)
natty_libxml2: released (2.7.8.dfsg-2ubuntu0.3)
oneiric_libxml2: released (2.7.8.dfsg-4ubuntu0.2)
devel_libxml2: released (2.7.8.dfsg-5.1ubuntu4)