https://bugzilla.redhat.com/show_bug.cgi?id=1281950
Bug ID: 1281950
Summary: libxml2: Buffer overread with HTML parser in push mode
in xmlSAX2TextNode
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Stack-based buffer overread vulnerability with HTML parser in push mode in
xmlSAX2TextNode causing a segmentation fault when compiled with ASAN.
Upstream bug (containing reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756372
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=S97GEQo7jh&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281936
Bug ID: 1281936
Summary: libxml2: Buffer overread with XML parser in
xmlNextChar
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A buffer overread in xmlNextChar was found, causing a segmentation fault when
compiled with ASAN.
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc…
--
https://bugzilla.redhat.com/show_bug.cgi?id=1281930
Bug ID: 1281930
Summary: libxml2: Out-of-bounds heap read on 0xff char in xml
declaration
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds heap read in xmlParseXMLDecl happens when a file containing
an unfinished XML declaration, e.g. <?xml versionencoding="ISO88598", is followed
by a 0xff byte.
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=751631
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f264…
--
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Bug ID: 1277146
Summary: libxml2: DoS when parsing specially crafted XML
document if XZ support is enabled
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A vulnerability was found in libxml2 that causes a DoS of the application when
parsing a specially crafted XML document if XZ support is enabled.
CVE request (including reproducer):
http://seclists.org/oss-sec/2015/q4/206
--
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Bug ID: 1276297
Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in
xmlParseConditionalSections()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain
crafted XML input. A remote attacker could provide a specially-crafted XML file
that, when opened in an application linked against libxml2, would cause the
application to crash.
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0…
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456
CVE assignment:
http://seclists.org/oss-sec/2015/q4/130
--
https://bugzilla.redhat.com/show_bug.cgi?id=1213957
Bug ID: 1213957
Summary: libxml2: out-of-bounds memory access when parsing an
unclosed HTML comment
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
The following issue was reported in libxml2
(http://seclists.org/oss-sec/2015/q2/214)
"""
This is an out-of-bounds memory access in libxml2. By entering an unclosed
html comment such as <!-- the libxml2 parser didn't stop parsing at the end
of the buffer, causing random memory to be included in the parsed comment
that was returned to ruby. In Shopify, this caused ruby objects from
previous http requests to be disclosed in the rendered page.
Link to the issue in libxml2's bugtracker:
https://bugzilla.gnome.org/show_bug.cgi?id=746048
A patched version of nokogiri (which uses an embedded libxml2) is available
here:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998…
This bug is still not patched upstream, but both libxml2 and nokogiri
developers are aware of the issue.
"""
No upstream patches exist at the time of creating this Bugzilla.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1306047
Bug ID: 1306047
Summary: [Patch] Use posix threads, fix static library
Product: Fedora
Version: rawhide
Component: mingw-glib2
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: manisandro(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, klember(a)redhat.com,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Created attachment 1122556
--> https://bugzilla.redhat.com/attachment.cgi?id=1122556&action=edit
Patch
The attached patch
- Sets the threading implementation to posix. Win32 threads seem broken
(regardless of whether used with static or dynamically linked glib)
- Improves glib-prefer-constructors-over-DllMain.patch to always prefer
constructors over DllMain, also handling a second case of DllMain
- Adds a missing BR for mingw-pcre
--
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Bug ID: 1311503
Summary: pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: thoger(a)redhat.com
CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net,
csutherl(a)redhat.com, databases-maint(a)redhat.com,
dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, jclere(a)redhat.com,
jdornak(a)redhat.com, jdoyle(a)redhat.com,
jgrulich(a)redhat.com, jorton(a)redhat.com,
klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk,
marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com,
mclasen(a)redhat.com, mmaslano(a)redhat.com,
myarboro(a)redhat.com, pmyers(a)valanet.net,
ppisar(a)redhat.com, pslavice(a)redhat.com,
rcollet(a)redhat.com, rjones(a)redhat.com,
rmeggins(a)redhat.com, rsvoboda(a)redhat.com,
t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com,
walters(a)redhat.com, webstack-team(a)redhat.com,
weli(a)redhat.com
ZDI reported a stack-based buffer overflow in pcre and pcre2. ZDI-CAN-3542 id
is used to identify the issue.
https://bugs.exim.org/show_bug.cgi?id=1791
PCRE does not validate that handling the (*ACCEPT) verb will occur within
the bounds of the cworkspace stack buffer, leading to a stack buffer
overflow.
Fixed upstream in pcre and pcre2 via the following commits:
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://vcs.pcre.org/pcre2?view=revision&revision=489
Issue is triggered by the following pattern:
/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
PCRE 8.00 seems to be the first affected version.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1304636
Bug ID: 1304636
Summary: CVE-2015-8806 libxml2: heap-buffer overread in dict.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A heap-buffer overread vulnerability was found in libxml2. A specially crafted
file can cause the application to crash.
External bugzilla report with reproducer:
https://bugzilla.gnome.org/show_bug.cgi?id=749115
CVE assignment:
http://seclists.org/oss-sec/2016/q1/277
--