mingw April 2016

mingw@lists.fedoraproject.org

2 participants
26 discussions

[Bug 1281950] New: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281950 Bug ID: 1281950 Summary: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Stack-based buffer overread vulnerability with HTML parser in push mode in xmlSAX2TextNode causing segmentation fault when compiled with ASAN. Upstream bug (containing reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756372 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=S97GEQo7jh&a=cc_unsubscribe

1 20

[Bug 1281936] New: libxml2: Buffer overread with XML parser in xmlNextChar
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281936 Bug ID: 1281936 Summary: libxml2: Buffer overread with XML parser in xmlNextChar Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A buffer overread in xmlNextChar was found, causing segmentation fault when compiled with ASAN. Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AuaeY9x6SN&a=cc_unsubscribe

1 19

[Bug 1281930] New: libxml2: Out-of-bounds heap read on 0xff char in xml declaration
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Bug ID: 1281930 Summary: libxml2: Out-of-bounds heap read on 0xff char in xml declaration Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com An out-of-bounds heap read in xmlParseXMLDecl happens when a file containing unfinished xml declaration, e.g. <?xml versionencoding="ISO88598", is followed by 0xff byte. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=751631 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f264… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RtnuYLKA2T&a=cc_unsubscribe

1 18

[Bug 1277146] New: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug ID: 1277146 Summary: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A vulnerability in libxml2 when parsing specially crafted XML document if XZ support is enabled causing DoS of application was found. CVE request (including reproducer): http://seclists.org/oss-sec/2015/q4/206 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5GhAg1MnGX&a=cc_unsubscribe

1 22

[Bug 1276297] New: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Bug ID: 1276297 Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0… Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 CVE assignment: http://seclists.org/oss-sec/2015/q4/130 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JWm7G50nVi&a=cc_unsubscribe

1 17

[Bug 1274222] New: libxml2: Out-of-bounds memory access
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1274222 Bug ID: 1274222 Summary: libxml2: Out-of-bounds memory access Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com, weli(a)redhat.com An out-of-bounds read vulnerability was found in libxml2 with crafted xml input. Report can be found here: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c1 Upstream patches: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e… https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0… CVE request: http://seclists.org/oss-sec/2015/q4/127 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DBMrfilEPi&a=cc_unsubscribe

1 19

[Bug 1213957] New: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1213957 Bug ID: 1213957 Summary: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Following issue was reported in libxml2 (http://seclists.org/oss-sec/2015/q2/214) """ This is an out-of-bounds memory access in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment that was returned to ruby. In Shopify, this caused ruby objects from previous http requests to be disclosed in the rendered page. Link to the issue in libxml2's bugtracker: https://bugzilla.gnome.org/show_bug.cgi?id=746048 A patched version of nokogiri (which uses a embedded libxml2) is available here: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998… This bug is still not patched upstream, but both libxml2 and nokogiri developers are aware of the issue. """ No upstream patches exist at the time of creating this Bugzilla. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zRmasjF3dU&a=cc_unsubscribe

1 27

[Bug 1306047] New: [Patch] Use posix threads, fix static library
by Red Hat Bugzilla 13 May '16

13 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1306047 Bug ID: 1306047 Summary: [Patch] Use posix threads, fix static library Product: Fedora Version: rawhide Component: mingw-glib2 Assignee: erik-fedora(a)vanpienbroek.nl Reporter: manisandro(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, klember(a)redhat.com, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Created attachment 1122556 --> https://bugzilla.redhat.com/attachment.cgi?id=1122556&action=edit Patch The attached patch - Sets the threading implementation to posix. Win32 threads seem broken (regardless of whether used with static or dynamically linked glib) - Improves glib-prefer-constructors-over-DllMain.patch to always prefer constructors over DllMain, also handling a second case of DllMain - Adds a missing BR for mingw-pcre -- You are receiving this mail because: You are on the CC list for the bug.

1 12

[Bug 1311503] New: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
by Red Hat Bugzilla 11 May '16

11 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1311503 Bug ID: 1311503 Summary: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: thoger(a)redhat.com CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net, csutherl(a)redhat.com, databases-maint(a)redhat.com, dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, jclere(a)redhat.com, jdornak(a)redhat.com, jdoyle(a)redhat.com, jgrulich(a)redhat.com, jorton(a)redhat.com, klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com, mclasen(a)redhat.com, mmaslano(a)redhat.com, myarboro(a)redhat.com, pmyers(a)valanet.net, ppisar(a)redhat.com, pslavice(a)redhat.com, rcollet(a)redhat.com, rjones(a)redhat.com, rmeggins(a)redhat.com, rsvoboda(a)redhat.com, t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com, walters(a)redhat.com, webstack-team(a)redhat.com, weli(a)redhat.com ZDI reported a stack-based buffer overflow in pcre and pcre2. ZDI-CAN-3542 id is used to identify the issue. https://bugs.exim.org/show_bug.cgi?id=1791 PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. Fixed upstream in pcre and pcre2 via the following commits: http://vcs.pcre.org/pcre?view=revision&revision=1631 http://vcs.pcre.org/pcre2?view=revision&revision=489 Issue is triggered by the following pattern: /([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ PCRE 8.00 seems to be the first affected version. -- You are receiving this mail because: You are on the CC list for the bug.

2 11

[Bug 1287636] CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
by Red Hat Bugzilla 26 Apr '16

26 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1287636 Tomas Hoger <thoger(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1330508 Depends On| |1330509 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw April 2016