Juraj Somorovsky and Christopher Meyer reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service. Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service. It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.). libxml2 is written in C and makes significant use of arrays. I will contact upstream to make them aware of this issue.
This is now public via: http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
Created libxml2 tracking bugs for this issue Affects: fedora-all [bug 795698]
Created mingw32-libxml2 tracking bugs for this issue Affects: fedora-all [bug 795699] Affects: epel-5 [bug 795700]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0324 https://rhn.redhat.com/errata/RHSA-2012-0324.html
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html