Oval Definition:oval:com.redhat.rhsa:def:20120987
Revision Date:2012-06-20
Version:634
Title:RHSA-2012:0987: sblim-cim-client2 security update (Low)
Description:The SBLIM (Standards-Based Linux Instrumentation for Manageability) CIM (Common Information Model) Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF (Distributed Management Task Force) standards.

  • It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM (Web-Based Enterprise Management) server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions. (CVE-2012-2328)

    All users of sblim-cim-client2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
  • Family:unix
    Class:patch
    Status:
    Reference(s):CVE-2012-2328
    RHSA-2012:0987
    RHSA-2012:0987-04
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • sblim-cim-client2 is earlier than 0:2.1.3-2.el6
  • AND sblim-cim-client2 is signed with Red Hat redhatrelease2 key
  • sblim-cim-client2-javadoc is earlier than 0:2.1.3-2.el6
  • AND sblim-cim-client2-javadoc is signed with Red Hat redhatrelease2 key
  • sblim-cim-client2-manual is earlier than 0:2.1.3-2.el6
  • AND sblim-cim-client2-manual is signed with Red Hat redhatrelease2 key