Red Hat Product Errata RHSA-2012:0104 - Security Advisory

Issued:: 2012-02-08
Updated:: 2012-02-08

RHSA-2012:0104 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libxml2 security update

Type/Severity

Security Advisory: Important

Topic

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Description

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 5.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.6 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.6 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386
Red Hat Enterprise Linux Server - AUS 5.6 x86_64
Red Hat Enterprise Linux Server - AUS 5.6 ia64
Red Hat Enterprise Linux Server - AUS 5.6 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc

Fixes

BZ - 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name

CVEs

CVE-2011-3919

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 5.6

SRPM
x86_64
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
ia64
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
i386
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
libxml2-python-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: e4e8784ccd537b904b652c0df1d1b1d65f17c8bf0e31bcb216cf833923c61fa0

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6

SRPM
x86_64
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
i386
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
libxml2-python-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: e4e8784ccd537b904b652c0df1d1b1d65f17c8bf0e31bcb216cf833923c61fa0

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
x86_64
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
ia64
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
i386
libxml2-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 58e3f9576858ad2785aaecd3a58ef37b3029a76ba2970492d11c7288af994132
libxml2-devel-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: 5e371188ba13839882aebc2011caa9412e67708f26f92898eb9de96f04498e32
libxml2-python-2.6.26-2.1.2.8.el5_6.2.i386.rpm	SHA-256: e4e8784ccd537b904b652c0df1d1b1d65f17c8bf0e31bcb216cf833923c61fa0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories