951734 – (CVE-2015-7941) VUL-1: CVE-2015-7941: libxml2: Crafted xml causes out of bound memory access

Bug 951734 (CVE-2015-7941) - VUL-1: CVE-2015-7941: libxml2: Crafted xml causes out of bound memory access

Summary: VUL-1: CVE-2015-7941: libxml2: Crafted xml causes out of bound memory access

Status:	RESOLVED FIXED

Alias:	CVE-2015-7941

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Deadline:	2016-01-22
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/158143/
Whiteboard:	CVSSv2:RedHat:CVE-2015-7941:4.0:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-10-23 09:05 UTC by Andreas Stieger
Modified:	2016-01-22 09:20 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
upstream patch (1.25 KB, patch) 2015-10-26 15:24 UTC, Kristyna Streitova	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-10-23 09:05:19 UTC

Out of bound read in libxml2 with crafted xml input. 

Reported discussion : https://bugzilla.gnome.org/show_bug.cgi?id=744980

Out-of-bounds read, only visible to memory checkers.

Copy of the test case:
http://lcamtuf.coredump.cx/afl/demo/libxml2_oob.xml


https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Use CVE-2015-7941 for the discussion in 744980 up to and including
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c7 (this includes
a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 and
9b8512337d14c8ddf662fcb98b0135f225a1c489).


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7941
http://seclists.org/oss-sec/2015/q4/130
https://bugzilla.gnome.org/show_bug.cgi?id=756456
https://bugzilla.gnome.org/show_bug.cgi?id=744980

Comment 1 Swamp Workflow Management 2015-10-23 22:00:15 UTC

bugbot adjusting priority

Comment 2 Kristyna Streitova 2015-10-26 15:24:54 UTC

Created attachment 653207 [details]
upstream patch

Attaching the patch created from the two upstream commits from the comment 0.

This patch suits for:
- SLE11 (2.7.1)
- SLE11SP1 (2.7.6)
- SLE12 (2.9.1)
- openSUSE 13.1 (2.9.1)
- openSUSE 13.2 (2.9.1)
- openSUSE Leap (2.9.1)
- devel/Factory (2.9.2)

It would have to be modified for SLE10SP3 (2.6.23). Is it needed? Will the update be triggered for SLE10SP3?

Btw. I'm able to reproduce it for libxml2-2.9.* but not for SLE11. Andreas, is there any way how to reproduce it for SLE11? Thank you.

Comment 3 SMASH SMASH 2015-11-30 12:16:03 UTC

An update workflow for this issue was started.

This issue was rated as "low".
Please submit fixed packages until "Dec. 14, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/121058/.

Comment 7 Bernhard Wiedemann 2015-12-17 14:00:19 UTC

This is an autogenerated message for OBS integration:
This bug (951734) was mentioned in
https://build.opensuse.org/request/show/349390 13.2+13.1 / libxml2

Comment 9 Swamp Workflow Management 2015-12-27 00:13:11 UTC

openSUSE-SU-2015:2372-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110
CVE References: CVE-2014-0191,CVE-2014-3660,CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317
Sources used:
openSUSE 13.2 (src):    libxml2-2.9.3-7.4.1, python-libxml2-2.9.3-7.4.1
openSUSE 13.1 (src):    libxml2-2.9.3-2.19.1, python-libxml2-2.9.3-2.19.1

Comment 10 Swamp Workflow Management 2016-01-05 14:27:25 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-01-19.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62411

Comment 11 Swamp Workflow Management 2016-01-05 19:11:50 UTC

SUSE-SU-2016:0030-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 928193,951734,951735,956018,956021,956260,957105,957106,957107,957109,957110
CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libxml2-2.7.6-0.34.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    libxml2-2.7.6-0.34.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Server 11-SP4 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Server 11-SP3 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Desktop 11-SP4 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Desktop 11-SP3 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4

Comment 12 Swamp Workflow Management 2016-01-07 16:13:10 UTC

SUSE-SU-2016:0049-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110
CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libxml2-2.9.1-13.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libxml2-2.9.1-13.1
SUSE Linux Enterprise Server 12-SP1 (src):    libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1
SUSE Linux Enterprise Server 12 (src):    libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1
SUSE Linux Enterprise Desktop 12 (src):    libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1

Comment 13 SMASH SMASH 2016-01-08 15:01:24 UTC

An update workflow for this issue was started.

This issue was rated as "low".
Please submit fixed packages until "Jan. 22, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/121235/.

Comment 14 SMASH SMASH 2016-01-08 15:06:10 UTC

An update workflow for this issue was started.

This issue was rated as "low".
Please submit fixed packages until "Jan. 22, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/62418/.

Comment 15 Swamp Workflow Management 2016-01-08 15:07:32 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62418

Comment 16 Swamp Workflow Management 2016-01-13 17:12:31 UTC

openSUSE-SU-2016:0106-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110
CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317
Sources used:
openSUSE Leap 42.1 (src):    libxml2-2.9.1-10.1, python-libxml2-2.9.1-10.1

Comment 17 Andreas Stieger 2016-01-22 09:20:02 UTC

All done