Bugzilla – Bug 769184
VUL-0: CVE-2012-2807: libxml2: integer overflow
Last modified: 2020-11-16 07:50:09 UTC
Your friendly security team received the following report via security@suse.de. Please respond ASAP. The issue is public. ====================================================== Name: CVE-2012-2807 Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Reference: CONFIRM: http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=129930 git commit referring to the bug report: http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb
Packages for SLE submitted.
The SWAMPID for this issue is 48073. This issue was rated as important. Please submit fixed packages until 2012-07-05. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
bugbot adjusting priority
Daniel Veillard plans to develop a better solution for upstream next week
i have adjusted the submission date towards next week.
any news?
Unfortunately there's no upstream commit yet.
i pushed the deadline back another week
canceled the swamp to wait for a fix ... any news?
still no fix :-(
Upstream patch finally out: https://bugzilla.redhat.com/show_bug.cgi?id=835863#c4
The SWAMPID for this issue is 48354. This issue was rated as moderate. Please submit fixed packages until 2012-08-01. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
you just submitted sle11 sp1? is the sle10 codebase affected?
openSUSE packages submitted
openSUSE-SU-2012:0975-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 769184 CVE References: CVE-2012-2807 Sources used: openSUSE 12.1 (src): libxml2-2.7.8+git20110708-3.11.1 openSUSE 11.4 (src): libxml2-2.7.8-34.1
This is an autogenerated message for OBS integration: This bug (769184) was mentioned in https://build.opensuse.org/request/show/131786 Evergreen:11.2 / libxml2
This is an autogenerated message for OBS integration: This bug (769184) was mentioned in https://build.opensuse.org/request/show/131845 Evergreen:11.2 / libxml2
Created attachment 504102 [details] PoC Taken from here: https://code.google.com/p/chromium/issues/detail?id=107128
released
Update released for: libxml2, libxml2-devel Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: libxml2, libxml2-32bit, libxml2-64bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-devel-64bit, libxml2-x86 Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
The SWAMPID for this issue is 54710. This issue was rated as important. Please submit fixed packages until 2013-10-22. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-python, libxml2-python-debuginfo, libxml2-test Products: SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64) SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)