Bug 750914 - (CVE-2012-0876) VUL-0: CVE-2012-0876: expat: hash table collisions CPU usage DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P2 - High, Severity: Normal
Assigned To: Security Team bot
maint:released:sle10-sp3:46022 maint:...
Reported: 2012-03-07 08:57 UTC by Matthias Weckbecker
Modified: 2017-02-02 15:25 UTC (History)
Description Matthias Weckbecker 2012-03-07 08:57:07 UTC
expat seems to be prone to the hash table collisions DoS vulnerability (reported at [1]) as well:

"This release was triggered by a hash table DOS attack fix, it also includes
accumulated bug fixes and some changes to the build system - using autoreconf
instead of the old code in buildconf.sh.

Also added a conditional feature to make byte offsets for attributes and
attribute names available.

What's missing: Documentation updates (Changes file, reference.html)

Karl"

[1] http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
Comment 1 Matthias Weckbecker 2012-03-07 08:58:34 UTC
r1.168 in xmlparse.c contains the patch,

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log
Comment 2 Swamp Workflow Management 2012-03-07 15:28:04 UTC
The SWAMPID for this issue is 45949.
This issue was rated as moderate.
Please submit fixed packages until 2012-03-21.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 5 Bernhard Wiedemann 2012-03-08 12:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (750914) was mentioned in
https://build.opensuse.org/request/show/108480 12.1 / expat
https://build.opensuse.org/request/show/108483 11.4 / expat
Comment 8 Swamp Workflow Management 2012-03-28 14:08:26 UTC
openSUSE-SU-2012:0423-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 750914,751464,751465
CVE References: CVE-2012-0876,CVE-2012-1147,CVE-2012-1148
Sources used:
openSUSE 12.1 (src):    expat-2.0.1-109.4.1
openSUSE 11.4 (src):    expat-2.0.1-102.105.1

Product List: openSUSE 12.1
openSUSE 11.4
Comment 9 Bernhard Wiedemann 2012-04-02 08:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (750914) was mentioned in
https://build.opensuse.org/request/show/112140 Evergreen:11.2 / expat
Comment 10 Swamp Workflow Management 2012-04-03 15:10:58 UTC
Update released for: expat, expat-32bit, expat-debuginfo, expat-debuginfo-32bit, expat-debuginfo-64bit, expat-debuginfo-x86, expat-debugsource, libexpat-devel, libexpat1, libexpat1-32bit, libexpat1-x86
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2012-04-03 16:10:01 UTC
Update released for: expat
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 12 Marcus Meissner 2012-04-04 13:10:45 UTC
We released this for openSUSE too, and received bug reports.

- exempi does not work correctly anymore (no more details)
- bug 755377 - libexpat1-2.0.1-109.4.1 causes an error for miranda clients connecting to ejabber
Comment 13 Bernhard Wiedemann 2012-04-06 05:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (750914) was mentioned in
https://build.opensuse.org/request/show/112758 Evergreen:11.2 / expat
Comment 14 Stefan Lijewski 2012-04-10 09:25:53 UTC
bug 755377 reproducible also on Evergreen:11.2 with this update
Comment 15 Vojtech Dziewiecki 2012-04-26 06:42:47 UTC
Fixed.
Stefan: Thanks for submitting it to evergreen!
Comment 16 Marcus Meissner 2012-04-26 06:46:45 UTC
If you have submitted all fixes for a security issue, please reassign it to the security team for tracking. Doing so now.
Comment 17 Marcus Meissner 2012-06-20 15:13:49 UTC
released
Comment 18 Swamp Workflow Management 2012-06-20 17:59:05 UTC
Update released for: expat, expat-32bit, expat-64bit, expat-debuginfo, expat-debuginfo-32bit, expat-debuginfo-64bit, expat-debuginfo-x86, expat-debugsource, expat-x86, libexpat-devel, libexpat1, libexpat1-32bit, libexpat1-x86
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 19 Swamp Workflow Management 2012-06-20 18:51:39 UTC
Update released for: expat, expat-debuginfo, expat-debuginfo-32bit, expat-debuginfo-64bit, expat-debuginfo-x86, expat-debugsource, libexpat-devel, libexpat1, libexpat1-32bit, libexpat1-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)