Bug 461107 (CVE-2003-1564)
| Field | Value |
|---|---|
| Summary | CVE-2003-1564 libxml2: billion laughs DoS attack |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | mnowak, veillard |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2008-09-11 14:08:00 UTC |

Description
Tomas Hoger
2008-09-04 08:54:37 UTC
Created attachment 315726
Public test case

Source: http://www.cogsci.ed.ac.uk/~richard/billion-laughs.xml

libxml2 versions as shipped in Red Hat Enterprise Linux 3, 4 and 5 are based on an upstream version that detects this type of attack. Additionally, detection was further improved recently in the patch for the "attribute value" variant of this attack known as CVE-2008-3281 (see bug #458086 and bug #460396).

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0886.html