sblim-cim-client2-2.1.3-2.AXS4

エラータID: AXSA:2012-596:01

Release date: 
Wednesday, July 25, 2012 - 10:12
Subject: 
sblim-cim-client2-2.1.3-2.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

The purpose of this package is to provide a CIM Client Class Library for Java applications. It complies to the DMTF standard CIM Operations over HTTP and intends to be compatible with JCP JSR48 once it becomes available. To learn more about DMTF visit http://www.dmtf.org. More infos about the Java Community Process and JSR48 can be found at http://www.jcp.org and http://www.jcp.org/en/jsr/detail?id=48.

Security issues fixed with this release:

• CVE-2012-2328
No description available at the time of writing, please use the CVE link below.

Solution: 

Update packages.

CVEs: 
CVE-2012-2328
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.


Additional Info: 

N/A

Download: 

SRPMS
  1. sblim-cim-client2-2.1.3-2.AXS4.src.rpm
    MD5: eb2f2d61ecc2715c631a5f824f7655a0
    SHA-256: b89e1aa0306a5048651f85a28ea7581428ad710bce301a1fbd8493cda4654d85
    Size: 833.70 kB

Asianux Server 4 for x86
  1. sblim-cim-client2-2.1.3-2.AXS4.noarch.rpm
    MD5: 2c152584df1eea1ffdcc4bb1b3f693e2
    SHA-256: 5d9efa67000265649016d2c0e823fa8acba3f7dbf2a13b4a3a6331e327e1280c
    Size: 601.79 kB

Asianux Server 4 for x86_64
  1. sblim-cim-client2-2.1.3-2.AXS4.noarch.rpm
    MD5: a068957a8c7a0752affc93e0d1fcafe0
    SHA-256: d1281dfb035028a2e7554822d26a5202484a56f6e2129697dcc60e5f9509e8ea
    Size: 601.35 kB