Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2012:0017 - Security Advisory
Issued:
2012-01-11
Updated:
2012-01-11

RHSA-2012:0017 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libxml2 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libxml2 packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The libxml2 library is a development toolbox providing the implementation
of various XML standards. One of those standards is the XML Path Language
(XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in
the way libxml2 parsed certain XML files. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions. If an
attacker were able to supply a specially-crafted XML file to an application
using libxml2, as well as an XPath expression for that application to run
against the crafted file, it could cause the application to crash.
(CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be
exploited; however, third-party applications may allow XPath expressions to
be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
  • BZ - 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
  • BZ - 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
  • BZ - 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
  • BZ - 767387 - CVE-2011-3905 libxml2 out of bounds read
  • BZ - 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name

CVEs

  • CVE-2011-0216
  • CVE-2010-4008
  • CVE-2011-1944
  • CVE-2011-2834
  • CVE-2011-3919
  • CVE-2011-3905

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
x86_64
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 2b7279fe2cf9fce7f677171d0fb7aeee447840471471c2745b2de3cb1a1f4490
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
ia64
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm SHA-256: c9f28907233b2597be2e75a4e92c9aaca0e1577824dc82aaef83b8a76b8316b0
libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm SHA-256: 3c0778360535cfe2ae1512ccd775d85319a6976e6d185984ae5c94569d6c2f80
libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm SHA-256: 81b40afc27827bc35118c71dab58b1da335b4563ef869b214281cd234fe2e1d0
i386
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47

Red Hat Enterprise Linux Workstation 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
x86_64
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 2b7279fe2cf9fce7f677171d0fb7aeee447840471471c2745b2de3cb1a1f4490
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
i386
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47

Red Hat Enterprise Linux Desktop 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
x86_64
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
i386
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
s390x
libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm SHA-256: 8b2fcd68ca936de60b269fee1db7b18b41265cd2e1020c7c7bb16e41704925af
libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm SHA-256: 797151d66c88668ecedf593597a0be26365ed48001af7ff849437613c7eff702
libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm SHA-256: e17e67bc9f74e8f2a51845283ad7d99725f5e5c9b174f9933e4bccd83120e6d2
libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm SHA-256: 126f34df4ea20ccfba421fdf9baa81dc2032299823a533338454cfb13f654da5
libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm SHA-256: 6f38a41a9439d189c3c0582762f72bc60213dbddadea7fe2df85a8ae5ac04065

Red Hat Enterprise Linux for Power, big endian 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
ppc
libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm SHA-256: 7510bd9e6b2e4732c0c643d810ac462474d44903518465bfe4444ffdd85b8bd1
libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm SHA-256: 09408e70084f2a67a964c8b3b1e909a2b2bd6d0e159f4b9c47fc9750b02c134d
libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm SHA-256: 6c7daf723b9fa00521a209055d3037225f21d4b07fd942ba04a9e2e0a101df31
libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm SHA-256: 84030fe651b03794ed02516e99779ef7f1c18cf5aae63d3ba98b5f57a06d94a4
libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm SHA-256: a43eb02dbbe78e642b0fc152e9668de4ee55381a51103d1360b559c6388819c2

Red Hat Enterprise Linux Server from RHUI 5

SRPM
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm SHA-256: aaf46bb4f8a5f6ec7a3c8cb52ba6196590d7355809c923c2355458f3188d33c7
x86_64
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: f87952ce0a3110bee3f8e1d1bf75c14fdc9a2639f588f7a101fa1a0fc22f1c16
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 2b7279fe2cf9fce7f677171d0fb7aeee447840471471c2745b2de3cb1a1f4490
libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm SHA-256: 9cc9563b1de2b52410bb242808ed433d889c056f2db108b0891bd9d841a71f5e
i386
libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: a9b240e58b30aff50e3d83dd65cb5bf4b8b971a1085c6c5fcc3e5339cdc06772
libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 2b04cb702c541861ab240cb481e3d9c91a640f80b4256a326b13958fb3031baa
libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm SHA-256: 286207995f1d8ec190cbd8ae0f9d83499c70c4e51d1d5fce960902f07415ed47

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility