https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Bug ID: 1277146 Summary: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: athmanem@gmail.com, c.david86@gmail.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
A vulnerability in libxml2 when parsing specially crafted XML document if XZ support is enabled causing DoS of application was found.
CVE request (including reproducer):
http://seclists.org/oss-sec/2015/q4/206
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1277147 Depends On| |1277149 Depends On| |1277150
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1277147]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1277147 [Bug 1277147] libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149 [Bug 1277149] mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277150 [Bug 1277150] mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1277149] Affects: epel-7 [bug 1277150]
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1277152
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |1102,reported=20151102,sour |1102,reported=20151102,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,r |V:N/AC:M/Au:N/C:N/I:N/A:P,r |hel-5/libxml2=affected,rhel |hel-5/libxml2=notaffected,r |-6/libxml2=affected,rhel-7/ |hel-6/libxml2=notaffected,r |libxml2=affected,jboss/libx |hel-7/libxml2=affected,jbos |ml2=affected,fedora-all/lib |s/libxml2=affected,fedora-a |xml2=affected,fedora-all/mi |ll/libxml2=affected,fedora- |ngw-libxml2=affected,epel-7 |all/mingw-libxml2=notaffect |/mingw-libxml2=affected |ed,epel-7/mingw-libxml2=not | |affected
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Comment #3 from Martin Prpic mprpic@redhat.com --- Statement:
This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Comment #4 from Martin Prpic mprpic@redhat.com --- LZMA compression support was introduced in libxml2 in:
2.8.0: May 23 2012 Features: add lzma compression support (Anders F Bjorklund)
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Daniel Veillard veillard@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
--- Comment #5 from Daniel Veillard veillard@redhat.com --- So lzma support in 2.9.2 seems to be broken that's why Fedora seems not affected.
But the bug is present since all version 2.8.0 onward. Seems I managed to get a first fix for the issue, I will add as attachment
Daniel
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Comment #6 from Daniel Veillard veillard@redhat.com --- Created attachment 1088640 --> https://bugzilla.redhat.com/attachment.cgi?id=1088640&action=edit Suggested patch for the issue
https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug 1277146 depends on bug 1277147, which changed state.
Bug 1277147 Summary: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277147
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Daniel Veillard veillard@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |POST
--- Comment #9 from Daniel Veillard veillard@redhat.com --- https://bugzilla.gnome.org/show_bug.cgi?id=757466
patch pushed upstream:
https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e...
Daniel
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2015-8035
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|libxml2: DoS when parsing |CVE-2015-8035 libxml2: DoS |specially crafted XML |when parsing specially |document if XZ support is |crafted XML document if XZ |enabled |support is enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1274223
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|POST |NEW
https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug 1277146 depends on bug 1277149, which changed state.
Bug 1277149 Summary: CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug 1277146 depends on bug 1277150, which changed state.
Bug 1277150 Summary: CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1277150
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |1102,reported=20151102,sour |1102,reported=20151102,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,r |V:N/AC:M/Au:N/C:N/I:N/A:P,r |hel-5/libxml2=notaffected,r |hel-5/libxml2=notaffected,r |hel-6/libxml2=notaffected,r |hel-6/libxml2=notaffected,r |hel-7/libxml2=affected,jbos |hel-7/libxml2=affected,jbos |s/libxml2=affected,fedora-a |s/libxml2=affected,jbews-2/ |ll/libxml2=affected,fedora- |libxml2=wontfix,jbews-3/lib |all/mingw-libxml2=notaffect |xml2=affected,fedora-all/li |ed,epel-7/mingw-libxml2=not |bxml2=affected,fedora-all/m |affected |ingw-libxml2=notaffected,ep | |el-7/mingw-libxml2=notaffec | |ted
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Timothy Walsh twalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1322872
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com --- A vulnerability in libxml2 was found that caused a Dos when parsing specially crafted XML document with XZ support is enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com --- A vulnerability in libxml2 was found that caused a denial of service when parsing specially crafted XML document with XZ support is enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
--- Comment #13 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html