https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Bug ID: 1262849 Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: athmanem@gmail.com, c.david86@gmail.com, drizt@land.ru, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment was found in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment.
CVE request:
http://seclists.org/oss-sec/2015/q3/540
Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e...
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1262850
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1262851 Depends On| |1262853 Depends On| |1262854
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1262851]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1262851 [Bug 1262851] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1262853 [Bug 1262853] mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1262854 [Bug 1262854] mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1262853] Affects: epel-7 [bug 1262854]
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|libxml2: Out-of-bounds |libxml2: Out-of-bounds |memory access when parsing |memory access when parsing |unclosed HTMl comment |unclosed HTML comment
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1276694 CC| |mprpic@redhat.com
--- Comment #3 from Martin Prpic mprpic@redhat.com --- *** Bug 1276688 has been marked as a duplicate of this bug. ***
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
--- Comment #4 from Adam Mariš amaris@redhat.com --- Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846...
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE Last Closed| |2015-11-13 11:19:53
--- Comment #5 from Adam Mariš amaris@redhat.com ---
*** This bug has been marked as a duplicate of bug 1213957 ***
https://bugzilla.redhat.com/show_bug.cgi?id=1262849 Bug 1262849 depends on bug 1262853, which changed state.
Bug 1262853 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1262853
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1262849 Bug 1262849 depends on bug 1262854, which changed state.
Bug 1262854 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1262854
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA