https://bugzilla.redhat.com/show_bug.cgi?id=1281936
Bug ID: 1281936
Summary: libxml2: Buffer overread with XML parser in xmlNextChar
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: athmanem@gmail.com, c.david86@gmail.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
A buffer overread in xmlNextChar was found, causing a segmentation fault when compiled with ASAN.
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc4...
Adam Mariš amaris@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1281937
         Depends On|                            |1281938
         Depends On|                            |1281939
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1281937]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281937
[Bug 1281937] libxml2: Buffer overread with XML parser in xmlNextChar [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281938
[Bug 1281938] mingw-libxml2: libxml2: Buffer overread with XML parser in xmlNextChar [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1281939
[Bug 1281939] mingw-libxml2: libxml2: Buffer overread with XML parser in xmlNextChar [epel-7]
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1281938]
Affects: epel-7 [bug 1281939]
Adam Mariš amaris@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1281961
--- Comment #3 from Adam Mariš amaris@redhat.com ---
Acknowledgments:
Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.
Adam Mariš amaris@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|libxml2: Buffer overread    |CVE-2015-8241 libxml2:
                   |with XML parser in          |Buffer overread with XML
                   |xmlNextChar                 |parser in xmlNextChar
              Alias|                            |CVE-2015-8241
--- Comment #4 from Adam Mariš amaris@redhat.com ---
CVE assignment:
http://openwall.com/lists/oss-security/2015/11/18/23
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1274223
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1284794
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1286495
         Depends On|                            |1286496
         Depends On|                            |1286497
Martin Cermak mcermak@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcermak@redhat.com
--- Comment #8 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
--- Comment #9 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
Timothy Walsh twalsh@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=low,public=20151008, |impact=low,public=20151008,
                   |reported=20151113,source=re |reported=20151113,source=re
                   |dhat,cvss2=4.3/AV:N/AC:M/Au |dhat,cvss2=4.3/AV:N/AC:M/Au
                   |:N/C:P/I:N/A:N,cwe=CWE-125, |:N/C:P/I:N/A:N,cwe=CWE-125,
                   |rhel-5/libxml2=affected,rhe |rhel-5/libxml2=affected,rhe
                   |l-6/libxml2=affected,rhel-7 |l-6/libxml2=affected,rhel-7
                   |/libxml2=affected,jboss/lib |/libxml2=affected,jboss/lib
                   |xml2=affected,fedora-all/li |xml2=affected,jbews-2/libxm
                   |bxml2=affected,fedora-all/m |l2=wontfix,jbews-3/libxml2=
                   |ingw-libxml2=affected,epel- |affected,fedora-all/libxml2
                   |7/mingw-libxml2=affected    |=affected,fedora-all/mingw-
                   |                            |libxml2=affected,epel-7/min
                   |                            |gw-libxml2=affected
Timothy Walsh twalsh@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1323035
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com ---
A buffer over-read vulnerability was found in libxml2 in xmlNextChar causing a segmentation fault when compiled with ASAN.
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com ---
A buffer over-read flaw was found in libxml2 in xmlNextChar causing a segmentation fault when compiled with ASAN.
--- Doc Text *updated* by Timothy Walsh twalsh@redhat.com ---
A heap-based buffer over-read flaw was found in libxml2. The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause an application crash and denial of service or obtain sensitive information via crafted XML data.
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com ---
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.
--- Comment #13 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html