https://bugzilla.redhat.com/show_bug.cgi?id=1301928
Bug ID: 1301928
Summary: libxml2: out-of-bounds read in htmlParseNameComplex()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex()
function:
http://seclists.org/oss-sec/2016/q1/199
A remote attacker could provide a specially crafted XML file that, when
processed by an application linked against libxml2, could cause the application
to disclose crash.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1320995
Bug ID: 1320995
Summary: pcre: Segmentation fault on crafted regex when JIT is
used
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net,
athmanem(a)gmail.com, csutherl(a)redhat.com,
databases-maint(a)redhat.com, dknox(a)redhat.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, jclere(a)redhat.com,
jdornak(a)redhat.com, jdoyle(a)redhat.com,
jgrulich(a)redhat.com, jmlich83(a)gmail.com,
jorton(a)redhat.com, jtfas90(a)gmail.com,
klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk,
marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com,
mclasen(a)redhat.com, mmaslano(a)redhat.com,
myarboro(a)redhat.com, pmyers(a)valanet.net,
ppisar(a)redhat.com, pslavice(a)redhat.com,
rcollet(a)redhat.com, rjones(a)redhat.com,
rmeggins(a)redhat.com, rsvoboda(a)redhat.com,
sgrubb(a)redhat.com, t.sailer(a)alumni.ethz.ch,
twalsh(a)redhat.com, walters(a)redhat.com,
webstack-team(a)redhat.com, weli(a)redhat.com
It was reported that segmentation fault in surricata appeared when certain
regex is processed by pcre_exec in libpcre3.
Bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1321001
Bug ID: 1321001
Summary: mingw-glib2: pcre: Segmentation fault on crafted regex
when JIT is used [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-glib2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Blocks: 1320995
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1320995
[Bug 1320995] pcre: Segmentation fault on crafted regex when JIT is used
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1320999
Bug ID: 1320999
Summary: mingw-glib2: pcre: Segmentation fault on crafted regex
when JIT is used [fedora-all]
Product: Fedora
Version: 23
Component: mingw-glib2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, klember(a)redhat.com,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Blocks: 1320995
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1320995
[Bug 1320995] pcre: Segmentation fault on crafted regex when JIT is used
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1317701
Bug ID: 1317701
Summary: zlib1.dll missing execute premission
Product: Fedora
Version: 23
Component: mingw32-zlib
Assignee: rjones(a)redhat.com
Reporter: gene(a)digilicious.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Description of problem:
ls -l /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll
-rw-r--r--. 1 root root 85026 Jun 17 2015
/usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
$ ls -l /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll
-rwxr-xr-x. 1 root root 85026 Jun 17 2015
/usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll*
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1287636
shiwang <shiwang(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |shiwang(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1319831
Bug ID: 1319831
Summary: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion
while parsing xml files in recovery mode [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1319829 (CVE-2016-3627)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1319829
[Bug 1319829] CVE-2016-3627 libxml2: stack exhaustion while parsing xml
files in recovery mode
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1319832
Bug ID: 1319832
Summary: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion
while parsing xml files in recovery mode [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1319829 (CVE-2016-3627)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1319829
[Bug 1319829] CVE-2016-3627 libxml2: stack exhaustion while parsing xml
files in recovery mode
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1319829
Bug ID: 1319829
Summary: CVE-2016-3627 libxml2: stack exhaustion while parsing
xml files in recovery mode
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, ohudlick(a)redhat.com,
rjones(a)redhat.com, veillard(a)redhat.com
A vulnerability was found in a way libxml2 parses certain files. With the
libxml2 in recovery mode, a maliciously crafted filed could cause libxml2 to
crash.
References:
http://seclists.org/oss-sec/2016/q1/682
CVE assignment:
http://seclists.org/oss-sec/2016/q1/683
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=954148
Itamar Reis Peixoto <itamar(a)ispbrasil.com.br> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
CC| |itamar(a)ispbrasil.com.br,
| |maci(a)satgnu.net
Resolution|--- |WONTFIX
Flags| |needinfo?(maci(a)satgnu.net)
Last Closed| |2016-03-19 21:37:59
--- Comment #3 from Itamar Reis Peixoto <itamar(a)ispbrasil.com.br> ---
please reopen if you're still interested, thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.