Bugzilla – Bug 960674
VUL-0: CVE-2015-8710: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
Last modified: 2019-09-25 15:55:55 UTC
rh#1213957 http://seclists.org/oss-sec/2015/q2/214): "This is an out-of-bounds memory access in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment that was returned to ruby. In Shopify, this caused ruby objects from previous http requests to be disclosed in the rendered page. Link to the issue in libxml2's bugtracker: https://bugzilla.gnome.org/show_bug.cgi?id=746048 " Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c References: https://bugzilla.redhat.com/show_bug.cgi?id=1213957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8710 http://seclists.org/oss-sec/2015/q4/616 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8710.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
bugbot adjusting priority
Created attachment 661086 [details] upstream patch SLE --- Attaching the upstream patch that suits all SLE maintained products. openSUSE -------- - 13.1 and 13.2 are not affected - Leap is affected but it will be fixed via SLE12 - Factory is affected but it will be updated to version 2.9.3 soon (which has this problem fixed)
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 22, 2016". When done, reassign the bug to "security-team@suse.de". /update/121235/.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-01-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62418
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 22, 2016". When done, reassign the bug to "security-team@suse.de". /update/62418/.
SLE submissions overview: | Product | Request | |----------|---------| | SLE10SP3 | #88216 | | SLE11SP1 | #88212 | | SLE12 | #88208 | Reassigning to security team.
Created attachment 662441 [details] xx.c gcc -O2 -o xx xx.c -lxml2 valgrind ./xx
SUSE-SU-2016:0178-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 960674 CVE References: CVE-2015-8710 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libxml2-2.9.1-17.1 SUSE Linux Enterprise Software Development Kit 12 (src): libxml2-2.9.1-17.1 SUSE Linux Enterprise Server 12-SP1 (src): libxml2-2.9.1-17.1, python-libxml2-2.9.1-17.1 SUSE Linux Enterprise Server 12 (src): libxml2-2.9.1-17.1, python-libxml2-2.9.1-17.1 SUSE Linux Enterprise Desktop 12-SP1 (src): libxml2-2.9.1-17.1, python-libxml2-2.9.1-17.1 SUSE Linux Enterprise Desktop 12 (src): libxml2-2.9.1-17.1, python-libxml2-2.9.1-17.1
SUSE-SU-2016:0187-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 960674 CVE References: CVE-2015-8710 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libxml2-2.7.6-0.37.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): libxml2-2.7.6-0.37.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Server 11-SP4 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Server 11-SP3 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Desktop 11-SP4 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Desktop 11-SP3 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libxml2-2.7.6-0.37.1, libxml2-python-2.7.6-0.37.4
openSUSE-SU-2016:0188-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 960674 CVE References: CVE-2015-8710 Sources used: openSUSE Leap 42.1 (src): libxml2-2.9.1-13.1, python-libxml2-2.9.1-13.1
All done
As we saw request for 11SP1 also has been initialized: | Product | Request | |----------|---------| | SLE11SP1 | #88212 | May I know where is the fix for SLE11SP1 accordingly for this CVE?
sles11 sp1 ltss does not receive proactive updates anymore. If you have a valid contract covering sles11 sp1 ltss, request the update over our NTS teams as usual.