Bugzilla – Bug 956260
VUL-1: CVE-2015-8317: libxml2: Several out of bounds reads
Last modified: 2016-01-22 09:21:26 UTC
Via oss security reported by Hanno Böck: > https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html As far as we can tell, what you mean is that: - http://www.xmlsoft.org/news.html mentions 10 CVE IDs - the descriptions of those CVE IDs seem largely unrelated to either 751603 or 751631 - also, there is discussion in 751631 about possibly not having a CVE ID - the cve-assign@mitre.org address was on your Cc line and thus your own preference is for your research to have a CVE mapping when possible. > A malformed XML file can cause a heap out of bounds read access in the > function xmlParseXMLDecl. > xmlParseXMLDecl: out of bounds heap access if versionencoding="es and any UTF-8 got > https://bugzilla.gnome.org/show_bug.cgi?id=751603 > https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c > A second, very similar issue in the same function xmlParseXMLDecl. > xmlParseXMLDecl: out of bounds heap read on 0xff char in xml declaration > https://bugzilla.gnome.org/show_bug.cgi?id=751631 > https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e Use CVE-2015-8317 for both 751603 and 751631. > A malformed XML file can cause a global out of bounds read access in > the function xmlNextChar. This only affected the git code and was never > an issue in any release version. Upstream bug #751643 In the case of a widely used library, a vulnerability in git code, without an affected upstream release, can sometimes have a CVE ID. However, it would be necessary to establish that a product used the vulnerable code. For example, at least in the past, one of the principal libxml2 users was Chrome. At present, it seems that Chromium is using parserInternals.c from 2.9.2, not from unreleased git code (download https://chromium.googlesource.com/chromium/src/+/master/third_party/libxml/src/parserInternals.c?format=TEXT and then base64 decode that and compare it to the 2.9.2 file). Our guess is that it is unlikely that this specific xmlNextChar vulnerability affected a product; we are not planning to research this, but other people can research it if they wish. There is currently no CVE ID for 751643. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317 http://seclists.org/oss-sec/2015/q4/354
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 14, 2015". When done, reassign the bug to "security-team@suse.de". /update/121058/.
This is an autogenerated message for OBS integration: This bug (956260) was mentioned in https://build.opensuse.org/request/show/349390 13.2+13.1 / libxml2
openSUSE-SU-2015:2372-1: An update that fixes 14 vulnerabilities is now available. Category: security (moderate) Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110 CVE References: CVE-2014-0191,CVE-2014-3660,CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317 Sources used: openSUSE 13.2 (src): libxml2-2.9.3-7.4.1, python-libxml2-2.9.3-7.4.1 openSUSE 13.1 (src): libxml2-2.9.3-2.19.1, python-libxml2-2.9.3-2.19.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-01-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62411
SUSE-SU-2016:0030-1: An update that fixes 11 vulnerabilities is now available. Category: security (moderate) Bug References: 928193,951734,951735,956018,956021,956260,957105,957106,957107,957109,957110 CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libxml2-2.7.6-0.34.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): libxml2-2.7.6-0.34.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Server 11-SP4 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Server 11-SP3 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Desktop 11-SP4 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Desktop 11-SP3 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libxml2-2.7.6-0.34.1, libxml2-python-2.7.6-0.34.4
SUSE-SU-2016:0049-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110 CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libxml2-2.9.1-13.1 SUSE Linux Enterprise Software Development Kit 12 (src): libxml2-2.9.1-13.1 SUSE Linux Enterprise Server 12-SP1 (src): libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1 SUSE Linux Enterprise Server 12 (src): libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1 SUSE Linux Enterprise Desktop 12-SP1 (src): libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1 SUSE Linux Enterprise Desktop 12 (src): libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 22, 2016". When done, reassign the bug to "security-team@suse.de". /update/121235/.
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 22, 2016". When done, reassign the bug to "security-team@suse.de". /update/62418/.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-01-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62418
openSUSE-SU-2016:0106-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 928193,951734,951735,954429,956018,956021,956260,957105,957106,957107,957109,957110 CVE References: CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8035,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317 Sources used: openSUSE Leap 42.1 (src): libxml2-2.9.1-10.1, python-libxml2-2.9.1-10.1
All done, closing