Date: Wed, 22 Feb 2012 11:14:36 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: libxml2: hash table collisions CPU usage DoS Juraj Somorovsky reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service. Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service. It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.). Reference: https://bugzilla.redhat.com/show_bug.cgi?id=787067 https://rhn.redhat.com/errata/RHSA-2012-0324.html Patch: http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a This has been assigned CVE-2012-0841 -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ