https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Bug ID: 1274222 Summary: libxml2: Out-of-bounds memory access Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: athmanem@gmail.com, c.david86@gmail.com, drizt@land.ru, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com, weli@redhat.com
An out-of-bounds read vulnerability was found in libxml2 with crafted xml input.
Report can be found here:
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c1
Upstream patches:
https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5... https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b01...
CVE request:
http://seclists.org/oss-sec/2015/q4/127
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1274223
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1274224 Depends On| |1274225 Depends On| |1274226
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1274224]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1274224 [Bug 1274224] libxml2: Out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1274225 [Bug 1274225] mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1274226 [Bug 1274226] mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1274225] Affects: epel-7 [bug 1274226]
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2015-7941
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|libxml2: Out-of-bounds |CVE-2015-7941 libxml2: |memory access |Out-of-bounds memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1284794
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1286495 Depends On| |1286496 Depends On| |1286497
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1281961
--- Comment #6 from Huzaifa S. Sidhpurwala huzaifas@redhat.com --- *** Bug 1281955 has been marked as a duplicate of this bug. ***
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Martin Cermak mcermak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mcermak@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Comment #7 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Comment #8 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
https://bugzilla.redhat.com/show_bug.cgi?id=1274222 Bug 1274222 depends on bug 1274225, which changed state.
Bug 1274225 Summary: CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1274225
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1274222 Bug 1274222 depends on bug 1274226, which changed state.
Bug 1274226 Summary: CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1274226
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20150222, |impact=low,public=20150222, |reported=20151022,source=os |reported=20151022,source=os |s-security,cvss2=4.0/AV:N/A |s-security,cvss2=4.0/AV:N/A |C:L/Au:S/C:P/I:N/A:N,cwe=CW |C:L/Au:S/C:P/I:N/A:N,cwe=CW |E-125,rhel-4/libxml2=affect |E-125,rhel-4/libxml2=affect |ed,rhel-5/libxml2=affected, |ed,rhel-5/libxml2=affected, |rhel-6/libxml2=affected,rhe |rhel-6/libxml2=affected,rhe |l-7/libxml2=affected,jboss/ |l-7/libxml2=affected,jboss/ |libxml2=affected,fedora-all |libxml2=affected,jbews-2/li |/libxml2=affected,fedora-al |bxml2=wontfix,jbews-3/libxm |l/mingw-libxml2=affected,ep |l2=affected,fedora-all/libx |el-7/mingw-libxml2=affected |ml2=affected,fedora-all/min | |gw-libxml2=affected,epel-7/ | |mingw-libxml2=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1322867
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com --- It was found that libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
--- Comment #12 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html