https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Bug ID: 1276297 Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: athmanem@gmail.com, c.david86@gmail.com, drizt@land.ru, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b01...
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456
CVE assignment:
http://seclists.org/oss-sec/2015/q4/130
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1274223
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1276298 Depends On| |1276299 Depends On| |1276300
--- Comment #1 from Martin Prpic mprpic@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1276298]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1276298 [Bug 1276298] CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299 [Bug 1276299] CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276300 [Bug 1276300] CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Comment #2 from Martin Prpic mprpic@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1276299] Affects: epel-7 [bug 1276300]
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Comment #3 from Adam Mariš amaris@redhat.com --- Upstream patches:
https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c475... https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f871...
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1284794
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1286495 Depends On| |1286496 Depends On| |1286497
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Martin Cermak mcermak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mcermak@redhat.com Flags| |needinfo?(veillard@redhat.c | |om)
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Comment #9 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Comment #10 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Bug 1276297 depends on bug 1276299, which changed state.
Bug 1276299 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Bug 1276297 depends on bug 1276300, which changed state.
Bug 1276300 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1276300
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |1022,reported=20151022,sour |1022,reported=20151022,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |V:N/AC:M/Au:N/C:N/I:N/A:P,c |we=CWE-122,rhel-4/libxml2=a |we=CWE-122,rhel-4/libxml2=a |ffected,rhel-5/libxml2=affe |ffected,rhel-5/libxml2=affe |cted,rhel-6/libxml2=affecte |cted,rhel-6/libxml2=affecte |d,rhel-7/libxml2=affected,j |d,rhel-7/libxml2=affected,j |boss/libxml2=affected,fedor |boss/libxml2=affected,jbews |a-all/libxml2=affected,fedo |-2/libxml2=wontfix,jbews-3/ |ra-all/mingw-libxml2=affect |libxml2=affected,fedora-all |ed,epel-7/mingw-libxml2=aff |/libxml2=affected,fedora-al |ected |l/mingw-libxml2=affected,ep | |el-7/mingw-libxml2=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1322869
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com --- A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com --- A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
--- Comment #14 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html