EGI CSIRT:Alerts/libxml2-2012-02-06

From EGIWiki
Revision as of 18:16, 6 February 2012 by Mingchao (talk | contribs) (Created page with '<pre> ** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** EGI CSIRT AD…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

** WHITE information - Unlimited distribution allowed                       **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-20120206]

Title:       MODERATE RISK - Multiple Vulnerabilities in the libxml (CVE-2012-3919 etc.) [EGI-ADV-20120206]
Date:        Feb. 06, 2012
Last update: Feb. 06, 2012
URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/EGI-ADV-20120206


Introduction
============

The libxml2 library is a development toolbox providing the implementation of various XML standards and is 
widely used by many applications. Multiple vulnerabilities were found in libxml2 package. A remote attacker 
could provide a specially-crafted XML file that, when opened in an application linked against libxml2, 
would cause the application to crash or, potentially, execute arbitrary code with the privileges of the 
user running the application (CVE-2011-3919, CVE-2011-0216, CVE-2011-1944).

Libxml2 shipped with RH4, 5 and 6 are affected. Patches from the Linux vendors are available (see reference).


Details
=======

At the moment we are not aware of any public exploit. The detail of some vulnerabilities such as CVE-2011-3919 
might be made public in the future [http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html]


Mitigation
==========

There is no known mitigation solution. Please update system with patches from Linux vendors.

Recommendations
===============

These vulnerabilities exist. While no serious exploit is available yet, there is the potential for a remote command 
execution and privilege escalation. There is the possibility that this may escalate to become a 'High' or 'Critical' 
risk issue if such an exploit were to be developed, particularly if it lead to 'root' escalation. 

Hence it is *recommended* that sites update their systems as soon as is practical. 


References
==========

RHEL4 update:
https://rhn.redhat.com/errata/RHSA-2012-0016.html
RHEL5 update:
https://rhn.redhat.com/errata/RHSA-2012-0017.html
RHEL6 update:
https://rhn.redhat.com/errata/RHSA-2012-0018.html