https://bugzilla.redhat.com/show_bug.cgi?id=1281950
Bug ID: 1281950
Summary: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: athmanem@gmail.com, c.david86@gmail.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
Stack-based buffer overread vulnerability with HTML parser in push mode in xmlSAX2TextNode causing segmentation fault when compiled with ASAN.
Upstream bug (containing reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756372
Adam Mariš amaris@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1281951
Depends On |        |1281952
Depends On |        |1281953
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1281951]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281951 [Bug 1281951] libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281952 [Bug 1281952] mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281953 [Bug 1281953] mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7]
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1281952]
Affects: epel-7 [bug 1281953]
Adam Mariš amaris@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1281961
--- Comment #3 from Adam Mariš amaris@redhat.com ---
Acknowledgments:
Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.
Adam Mariš amaris@redhat.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Summary |libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode |CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
Alias   |        |CVE-2015-8242
--- Comment #4 from Adam Mariš amaris@redhat.com ---
CVE assignment:
http://openwall.com/lists/oss-security/2015/11/18/23
--- Comment #5 from Adam Mariš amaris@redhat.com ---
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e43...
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1274223
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1284794
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1286495
Depends On |        |1286496
Depends On |        |1286497
Martin Cermak mcermak@redhat.com changed:
What  |Removed |Added
----------------------------------------------------------------------------
CC    |        |mcermak@redhat.com
Flags |        |needinfo?(veillard@redhat.com)
--- Comment #11 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
--- Comment #12 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
Bug 1281950 depends on bug 1281952, which changed state.
Bug 1281952 Summary: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281952
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Bug 1281950 depends on bug 1281953, which changed state.
Bug 1281953 Summary: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1281953
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Timothy Walsh twalsh@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Whiteboard |impact=low,public=20151011,reported=20151113,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected |impact=low,public=20151011,reported=20151113,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,jbews-2/libxml2=wontfix,jbews-3/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected
Timothy Walsh twalsh@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1323037
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com ---
A stack-based buffer over-read vulnerability was found in libxml2 in the xmlSAX2TextNode function in SAX2.c that allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted XML data.
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com ---
A stack-based buffer over-read flaw was found in libxml2 in the xmlSAX2TextNode function in SAX2.c that allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted XML data.
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com ---
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.
--- Comment #16 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html