rhsa-2013_0217
Vulnerability from csaf_redhat
Published
2013-01-31 19:14
Modified
2024-11-22 04:38
Summary
Red Hat Security Advisory: mingw32-libxml2 security update
Notes
Topic
Updated mingw32-libxml2 packages that fix several security issues are now
available for Red Hat Enterprise Linux 6. This advisory also contains
information about future updates for the mingw32 packages, as well as the
deprecation of the packages with the release of Red Hat
Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the libxml2 library, a development toolbox providing
the implementation of various XML standards, for users of MinGW (Minimalist
GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no
longer be updated proactively and will be deprecated with the release of
Red Hat Enterprise Linux 6.4. These packages were provided to support other
capabilities in Red Hat Enterprise Linux and were not intended for direct
customer use. Customers are advised to not use these packages with
immediate effect. Future updates to these packages will be at Red Hat's
discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path
Language) expressions. If an attacker were able to supply a
specially-crafted XML file to an application using libxml2, as well as an
XPath expression for that application to run against the crafted file, it
could cause the application to crash. (CVE-2010-4008, CVE-2010-4494,
CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded
certain XML files. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-0216,
CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)
Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated mingw32-libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6. This advisory also contains\ninformation about future updates for the mingw32 packages, as well as the\ndeprecation of the packages with the release of Red Hat\nEnterprise Linux 6.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows).\n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat\u0027s\ndiscretion and these packages may be removed in a future minor release.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0217",
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "645341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645341"
},
{
"category": "external",
"summary": "665963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665963"
},
{
"category": "external",
"summary": "709747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"
},
{
"category": "external",
"summary": "724906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=724906"
},
{
"category": "external",
"summary": "735712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735712"
},
{
"category": "external",
"summary": "735751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735751"
},
{
"category": "external",
"summary": "767387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767387"
},
{
"category": "external",
"summary": "771896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771896"
},
{
"category": "external",
"summary": "787067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787067"
},
{
"category": "external",
"summary": "822109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=822109"
},
{
"category": "external",
"summary": "880466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0217.json"
}
],
"title": "Red Hat Security Advisory: mingw32-libxml2 security update",
"tracking": {
"current_release_date": "2024-11-22T04:38:11+00:00",
"generator": {
"date": "2024-11-22T04:38:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0217",
"initial_release_date": "2013-01-31T19:14:00+00:00",
"revision_history": [
{
"date": "2013-01-31T19:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-01-31T19:25:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T04:38:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"product": {
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"product_id": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libxml2-static@2.7.6-6.el6_3?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"product": {
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"product_id": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libxml2-debuginfo@2.7.6-6.el6_3?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"product": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"product_id": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libxml2@2.7.6-6.el6_3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"product": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"product_id": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libxml2@2.7.6-6.el6_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Client-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"relates_to_product_reference": "6Client-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Client-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Client-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"relates_to_product_reference": "6ComputeNode-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Workstation-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-0:2.7.6-6.el6_3.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src"
},
"product_reference": "mingw32-libxml2-0:2.7.6-6.el6_3.src",
"relates_to_product_reference": "6Workstation-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Workstation-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
},
"product_reference": "mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"relates_to_product_reference": "6Workstation-optional-6.3.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Google Security Team"
]
},
{
"names": [
"Bui Quang Minh"
],
"organization": "Bkis",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2010-4008",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2010-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "645341"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4008"
},
{
"category": "external",
"summary": "RHBZ#645341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4008",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4008"
}
],
"release_date": "2010-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis"
},
{
"cve": "CVE-2010-4494",
"discovery_date": "2010-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "665963"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: double-free in XPath processing code",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of libxml and libxml2 as shipped with\nRed Hat Enterprise Linux 3, and it did not affect the version of libxml2 as\nshipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4494"
},
{
"category": "external",
"summary": "RHBZ#665963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=665963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4494",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4494"
}
],
"release_date": "2010-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: double-free in XPath processing code"
},
{
"cve": "CVE-2011-0216",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2011-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "724906"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Off-by-one error leading to heap-based buffer overflow in encoding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0216"
},
{
"category": "external",
"summary": "RHBZ#724906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=724906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0216"
}
],
"release_date": "2011-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Off-by-one error leading to heap-based buffer overflow in encoding"
},
{
"cve": "CVE-2011-1944",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2011-05-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "709747"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1944"
},
{
"category": "external",
"summary": "RHBZ#709747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1944"
}
],
"release_date": "2011-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets"
},
{
"cve": "CVE-2011-2821",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"discovery_date": "2011-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "735712"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: double free caused by malformed XPath expression in XSLT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of libxml2 package as shipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2821"
},
{
"category": "external",
"summary": "RHBZ#735712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2821",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2821"
}
],
"release_date": "2011-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: double free caused by malformed XPath expression in XSLT"
},
{
"cve": "CVE-2011-2834",
"discovery_date": "2011-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "735751"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: double-free caused by malformed XPath expression in XSLT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2834"
},
{
"category": "external",
"summary": "RHBZ#735751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2834",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2834"
}
],
"release_date": "2011-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: double-free caused by malformed XPath expression in XSLT"
},
{
"cve": "CVE-2011-3102",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "822109"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: An off-by-one out-of-bounds write by XPointer part evaluation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3102"
},
{
"category": "external",
"summary": "RHBZ#822109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=822109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3102"
}
],
"release_date": "2012-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml: An off-by-one out-of-bounds write by XPointer part evaluation"
},
{
"cve": "CVE-2011-3905",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2011-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "767387"
}
],
"notes": [
{
"category": "description",
"text": "libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2 out of bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of libxml2 as shipped with Red Hat Enterprise\nLinux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and\nRHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2\nas shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team\nhas rated this issue as having low security impact. A future update may address\nthis issue in Red Hat Enterprise Linux 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3905"
},
{
"category": "external",
"summary": "RHBZ#767387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3905"
}
],
"release_date": "2011-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2 out of bounds read"
},
{
"cve": "CVE-2011-3919",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2012-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "771896"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer overflow when decoding an entity reference with a long name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affected the versions of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3919"
},
{
"category": "external",
"summary": "RHBZ#771896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771896"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3919"
}
],
"release_date": "2012-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Heap-based buffer overflow when decoding an entity reference with a long name"
},
{
"cve": "CVE-2012-0841",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2012-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "787067"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: hash table collisions CPU usage DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-0841"
},
{
"category": "external",
"summary": "RHBZ#787067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0841",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0841"
}
],
"release_date": "2012-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: hash table collisions CPU usage DoS"
},
{
"cve": "CVE-2012-5134",
"discovery_date": "2012-11-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "880466"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-buffer-underflow in xmlParseAttValueComplex",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5134"
},
{
"category": "external",
"summary": "RHBZ#880466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134"
}
],
"release_date": "2012-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-01-31T19:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0217"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Client-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Client-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6ComputeNode-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Server-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Server-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-0:2.7.6-6.el6_3.src",
"6Workstation-optional-6.3.z:mingw32-libxml2-debuginfo-0:2.7.6-6.el6_3.noarch",
"6Workstation-optional-6.3.z:mingw32-libxml2-static-0:2.7.6-6.el6_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Heap-buffer-underflow in xmlParseAttValueComplex"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.