Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Related bugs and status

CVE-2012-0841 (Candidate) is related to these bugs:

Bug #987502: libxml2-dev: /usr/bin/xml2-config isn't identical across all arch

Summary				In	Importance	Status
	987502	libxml2-dev: /usr/bin/xml2-config isn't identical across all arch		libxml2 (Ubuntu)	Medium	Fix Released
	987502	libxml2-dev: /usr/bin/xml2-config isn't identical across all arch		libxml2 (Ubuntu Precise)	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
MISC: http://securitytracker...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://lists.apple.com...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://lists.opensuse....
MISC: http://www.openwall.co...
MISC: http://git.gnome.org/b...
MISC: http://support.apple.c...
MISC: http://support.apple.c...
MISC: http://www.oracle.com/...
MISC: http://www.xerox.com/d...
MISC: http://xmlsoft.org/new...
MISC: https://blogs.oracle.c...