Skip to navigation

Security Advisory Important: libxml2 security update

Advisory: RHSA-2012:0017-1
Type: Security Advisory
Severity: Important
Issued on: 2012-01-11
Last updated on: 2012-01-11
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-4008
CVE-2011-0216
CVE-2011-1944
CVE-2011-2834
CVE-2011-3905
CVE-2011-3919

Details

Updated libxml2 packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation
of various XML standards. One of those standards is the XML Path Language
(XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in
the way libxml2 parsed certain XML files. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions. If an
attacker were able to supply a specially-crafted XML file to an application
using libxml2, as well as an XPath expression for that application to run
against the crafted file, it could cause the application to crash.
(CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be
exploited; however, third-party applications may allow XPath expressions to
be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 73e4c8b8d73d481b6512aa489321934a
SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
 
x86_64:
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 73e4c8b8d73d481b6512aa489321934a
SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 1146117c1944f9a1a61e4c80a4ca6b02
SHA-256: 2b7279fe2cf9fce7f677171d0fb7aeee447840471471c2745b2de3cb1a1f4490
 
Red Hat Enterprise Linux (v. 5 server)

IA-32:
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 18a5066ea2bace2731557db195d566b1
SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 73e4c8b8d73d481b6512aa489321934a
SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: c6c8d306cad27b920f184c3325e5cefe
SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47
 
IA-64:
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 18a5066ea2bace2731557db195d566b1
SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 63a4f114e1fd7ca98e288bec19a8b000
SHA-256: c9f28907233b2597be2e75a4e92c9aaca0e1577824dc82aaef83b8a76b8316b0
libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 6d5f82e6b23abe4741816bff37412add
SHA-256: 3c0778360535cfe2ae1512ccd775d85319a6976e6d185984ae5c94569d6c2f80
libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 69425bacc1cc18c058dcbf95f53dcea9
SHA-256: 81b40afc27827bc35118c71dab58b1da335b4563ef869b214281cd234fe2e1d0
 
PPC:
libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm
File outdated by:  RHBA-2013:1123
    MD5: 6e93da1777dea27f6e9a7e2b6b70bcad
SHA-256: 7510bd9e6b2e4732c0c643d810ac462474d44903518465bfe4444ffdd85b8bd1
libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm
File outdated by:  RHBA-2013:1123
    MD5: e8df88e771ed30c94c50d24a4d8735a9
SHA-256: 09408e70084f2a67a964c8b3b1e909a2b2bd6d0e159f4b9c47fc9750b02c134d
libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm
File outdated by:  RHBA-2013:1123
    MD5: 3410911836a827818003739aa20ef400
SHA-256: 6c7daf723b9fa00521a209055d3037225f21d4b07fd942ba04a9e2e0a101df31
libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 453daec8241152b9fa4cae6e5f8d4980
SHA-256: 84030fe651b03794ed02516e99779ef7f1c18cf5aae63d3ba98b5f57a06d94a4
libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm
File outdated by:  RHBA-2013:1123
    MD5: da50a967a4d6cd8acfc11cd349f48098
SHA-256: a43eb02dbbe78e642b0fc152e9668de4ee55381a51103d1360b559c6388819c2
 
s390x:
libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm
File outdated by:  RHBA-2013:1123
    MD5: 9645dc1ee96f28a2c2fa80b620b3345e
SHA-256: 8b2fcd68ca936de60b269fee1db7b18b41265cd2e1020c7c7bb16e41704925af
libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm
File outdated by:  RHBA-2013:1123
    MD5: e70fcdcec01e62f452c628c1b53f0b0f
SHA-256: 797151d66c88668ecedf593597a0be26365ed48001af7ff849437613c7eff702
libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm
File outdated by:  RHBA-2013:1123
    MD5: a1a9a30486204c5b731d65905c2197d3
SHA-256: e17e67bc9f74e8f2a51845283ad7d99725f5e5c9b174f9933e4bccd83120e6d2
libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm
File outdated by:  RHBA-2013:1123
    MD5: cd9f90afc9135206e2baad00c2e417b8
SHA-256: 126f34df4ea20ccfba421fdf9baa81dc2032299823a533338454cfb13f654da5
libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm
File outdated by:  RHBA-2013:1123
    MD5: a78e3cfdf7f272de549ad1f78c17a3e6
SHA-256: 6f38a41a9439d189c3c0582762f72bc60213dbddadea7fe2df85a8ae5ac04065
 
x86_64:
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 18a5066ea2bace2731557db195d566b1
SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: dc15a4396a1ebc9b3d2f683ab366c4af
SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 73e4c8b8d73d481b6512aa489321934a
SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 1146117c1944f9a1a61e4c80a4ca6b02
SHA-256: 2b7279fe2cf9fce7f677171d0fb7aeee447840471471c2745b2de3cb1a1f4490
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 1b773cae44ee665d9ea90845457863e0
SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

IA-32:
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 18a5066ea2bace2731557db195d566b1
SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: c6c8d306cad27b920f184c3325e5cefe
SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47
 
x86_64:
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm
File outdated by:  RHBA-2013:1123
    MD5: 18a5066ea2bace2731557db195d566b1
SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: dc15a4396a1ebc9b3d2f683ab366c4af
SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm
File outdated by:  RHBA-2013:1123
    MD5: 1b773cae44ee665d9ea90845457863e0
SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/