Security Advisory Important: libxml2 security update

Advisory: RHSA-2012:0104-1
Type: Security Advisory
Severity: Important
Issued on: 2012-02-08
Last updated on: 2012-02-08
Affected Products: Red Hat Enterprise Linux EUS (v. 5.6.z server); Red Hat Enterprise Linux Long Life (v. 5.6 server)
CVEs (cve.mitre.org): CVE-2011-3919

Details

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
libxml2-2.6.26-2.1.2.8.el5_6.2.src.rpm

IA-32:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.i386.rpm

IA-64:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.ia64.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.ia64.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.ia64.rpm

PPC:
libxml2-2.6.26-2.1.2.8.el5_6.2.ppc.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.ppc64.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.ppc.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.ppc64.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.ppc.rpm

s390x:
libxml2-2.6.26-2.1.2.8.el5_6.2.s390.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.s390x.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.s390.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.s390x.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
libxml2-2.6.26-2.1.2.8.el5_6.2.src.rpm

IA-32:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.i386.rpm

IA-64:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.ia64.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.ia64.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.ia64.rpm

x86_64:
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm
libxml2-python-2.6.26-2.1.2.8.el5_6.2.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/