IBM Support

IT12605: SPECIALLY CRAFTED XML FILE THAT, WHEN PARSED USING LIBXML2, COULD CAUSE AN APPLICATION TO USE AN EXCESSIVE AMOUNT OF MEMORY

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Specially crafted XML file that, when parsed by an application
    using libxml2, could cause that application to use an excessive
    amount of memory. Libxml2 is only used by few modules within
    DataPower firmware.
    

Local fix

Problem summary

  • IBM DataPower Gateway addressed a vulnerability in libxm2
    which could cause excessive memory usage in an application
    when parsing specially crafted XML file. Libxml2 is only used by
     few modules within DataPower firmware.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT12605

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    720

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-12-10

  • Closed date

    2016-01-27

  • Last modified date

    2016-02-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R600 PSN

       UP

  • R601 PSN

       UP

  • R700 PSN

       UP

  • R710 PSN

       UP

  • R720 PSN

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 7.2

Reference #: IT12605

Modified date: 01 February 2016