Red Hat Customer Portal

Security Advisory Moderate: libxml2 security update

Advisory: RHSA-2014:1885-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-11-20
Last updated on: 2014-11-20
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2014-3660

Details

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would cause excessive CPU consumption (denial of service)
through excessive entity substitutions, even if entity substitution was
disabled, which is the parser's default behavior. (CVE-2014-3660)

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

IA-32:
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

IA-32:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-python-2.6.26-2.1.25.el5_11.i386.rpm

IA-64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.ia64.rpm

PPC:
libxml2-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.ppc.rpm

s390x:
libxml2-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-python-2.6.26-2.1.25.el5_11.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

IA-32:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-python-2.6.26-2.1.25.el5_11.i386.rpm

x86_64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1149084 - CVE-2014-3660 libxml2: denial of service via recursive entity expansion


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/