U radu programskog paketa libxml2 otkriven je i ispravljen sigurnosni propust. Udaljeni ga napadač može iskoristiti za izvođenje napada uskraćivanjem usluge (eng. Denial of Service).
Paket:
libxml 2.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0841
Izvorni ID preporuke:
MDVSA-2012:023
Izvor:
Mandriva
Problem:
Problem nastaje jer je program za izračunavanje kriptografskog sažetka podložan predvidljivoj hash koliziji.
Posljedica:
Napadaču omogućuje izvođenje DoS napada (eng. Denial of Service).
Rješenje:
Korisnicima se savjetuje instalacija ispravljenih inačica.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:023
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : February 22, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in libxml2:
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time,
which could lead to a denial of service. To mitigate this issue,
randomization has been added to the hashing function to reduce the
chance of an attacker successfully causing intentional collisions
(CVE-2012-0841).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
https://bugzilla.redhat.com/show_bug.cgi?id=787067
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
c4a4de644600e3b89dedd642bc7606a1
2010.1/i586/libxml2_2-2.7.7-1.7mdv2010.2.i586.rpm
b1160c067c0b7b50bfebb9adac8769b3
2010.1/i586/libxml2-devel-2.7.7-1.7mdv2010.2.i586.rpm
e94d565354634255f818468319649dde
2010.1/i586/libxml2-python-2.7.7-1.7mdv2010.2.i586.rpm
aa3315322ccbccc48055f2e8860b7868
2010.1/i586/libxml2-utils-2.7.7-1.7mdv2010.2.i586.rpm
ead392e09e89f2011263d05c99fa434b
2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
4f1ba56596e1ba6119a234e7389bc58e
2010.1/x86_64/lib64xml2_2-2.7.7-1.7mdv2010.2.x86_64.rpm
582599db10d8e84e864463e8ff6fb07a
2010.1/x86_64/lib64xml2-devel-2.7.7-1.7mdv2010.2.x86_64.rpm
b064e3da97a8c6a0810e375e1ae3e81c
2010.1/x86_64/libxml2-python-2.7.7-1.7mdv2010.2.x86_64.rpm
b321e028246266da82411f9fdd49c74e
2010.1/x86_64/libxml2-utils-2.7.7-1.7mdv2010.2.x86_64.rpm
ead392e09e89f2011263d05c99fa434b
2010.1/SRPMS/libxml2-2.7.7-1.7mdv2010.2.src.rpm
Mandriva Linux 2011:
9893954628d54b7bd22afe4aab629ef5
2011/i586/libxml2_2-2.7.8-6.5-mdv2011.0.i586.rpm
908b43d457870436b177460b524aa281
2011/i586/libxml2-devel-2.7.8-6.5-mdv2011.0.i586.rpm
0fe2037a51ef9a76dff60d3781ca2181
2011/i586/libxml2-python-2.7.8-6.5-mdv2011.0.i586.rpm
062865bcf995d61848d2686f8d73a910
2011/i586/libxml2-utils-2.7.8-6.5-mdv2011.0.i586.rpm
af4ed80cff9385a905711d137b278ebd 2011/SRPMS/libxml2-2.7.8-6.5.src.rpm
Mandriva Linux 2011/X86_64:
ff02a21cf286b1ef892e90a95cb3816b
2011/x86_64/lib64xml2_2-2.7.8-6.5-mdv2011.0.x86_64.rpm
e038a8a0f4d667e886337b71675e43bf
2011/x86_64/lib64xml2-devel-2.7.8-6.5-mdv2011.0.x86_64.rpm
8b71ca0b796535eeba859405150ecdb1
2011/x86_64/libxml2-python-2.7.8-6.5-mdv2011.0.x86_64.rpm
735d2815d09981de741cd8f145125b14
2011/x86_64/libxml2-utils-2.7.8-6.5-mdv2011.0.x86_64.rpm
af4ed80cff9385a905711d137b278ebd 2011/SRPMS/libxml2-2.7.8-6.5.src.rpm
Mandriva Enterprise Server 5:
99e5f8322dc90c2e56ceba63b2ed8fe1
mes5/i586/libxml2_2-2.7.1-1.11mdvmes5.2.i586.rpm
d45b4507df61ebb818c610a6d8b3f171
mes5/i586/libxml2-devel-2.7.1-1.11mdvmes5.2.i586.rpm
a2ccad748424c026aab45f4737cbc83f
mes5/i586/libxml2-python-2.7.1-1.11mdvmes5.2.i586.rpm
41332d41df915e790b7802609345f91f
mes5/i586/libxml2-utils-2.7.1-1.11mdvmes5.2.i586.rpm
445537aab89c781bbaff02b0aa03460b
mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
76ef432df24b061b2458779ccfe04dcb
mes5/x86_64/lib64xml2_2-2.7.1-1.11mdvmes5.2.x86_64.rpm
80a62a0e00e71223f1b88225c7c10ebe
mes5/x86_64/lib64xml2-devel-2.7.1-1.11mdvmes5.2.x86_64.rpm
674a35a706c833b0594c0cb5491b7bc0
mes5/x86_64/libxml2-python-2.7.1-1.11mdvmes5.2.x86_64.rpm
b76d3ed47e2f3c7c680f476ddb5e31d0
mes5/x86_64/libxml2-utils-2.7.1-1.11mdvmes5.2.x86_64.rpm
445537aab89c781bbaff02b0aa03460b
mes5/SRPMS/libxml2-2.7.1-1.11mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPRL2EmqjQ0CJFipgRAjOAAJ9Tpqp5UVFXxKhmCvd9yy+zQ1x9MACgko5e
cwcsWVBoqvTyL43hjW11YFU=
=gV7B
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke