Bugzilla – Bug 979441
VUL-0: CVE-2016-0718: expat: XML Parser Crashes on Malformed Input
Last modified: 2017-05-11 01:07:40 UTC
EMBARGOED until CRD: 2016-05-17

CVE-2016-0718: Expat XML Parser Crashes on Malformed Input

via pre-notification:

Severity: Critical

Versions Affected: All Expat XML Parser library versions

Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.

Mitigation: Applications that are using Expat should apply the attached patch as soon as possible.

Credit: this issue was reported by Gustavo Grieco and patched by:
* Christian Heimes
* Karl Waclawek
* Gustavo Grieco
* Sebastian Pipping

Created attachment 676489: Patch from upstream
Created attachment 676490: PoC from upstream

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-05-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62734

Created attachment 677437: Patch from upstream v2
Updated upstream patch.

(In reply to Johannes Segitz from comment #7)
> Yes, please include the updated patch and the fix for bnc#980391

All done. Summary of submissions:

| Codestream         | Request  |
|--------------------|----------|
| SUSE:SLE-11:Update | #114767  |
| SUSE:SLE-12:Update | #114768  |
| openSUSE:13.2      | #396617  |
| openSUSE:Leap:42.1 | -*       |
| openSUSE:Factory   | #396618  |

* via SLE12

Reassigning to the security team.

This is an autogenerated message for OBS integration:
This bug (979441) was mentioned in
https://build.opensuse.org/request/show/396617 13.2 / expat

is public

(In reply to Kristyna Streitova from comment #9)
> | Codestream         | Request  |
> |--------------------|----------|
> | SUSE:SLE-11:Update | #114767  |
> | SUSE:SLE-12:Update | #114768  |
> | openSUSE:13.2      | #396617  |
> | openSUSE:Leap:42.1 | -*       |
> | openSUSE:Factory   | #396618  |
>
> * via SLE12

Submitted for SLE10SP3:

| SUSE:SLE-10-SP3    | #115250  |

openSUSE-SU-2016:1441-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 979441,980391
CVE References: CVE-2015-1283,CVE-2016-0718
Sources used:
openSUSE 13.2 (src): expat-2.1.0-14.3.1

SUSE-SU-2016:1508-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 979441,980391
CVE References: CVE-2015-1283,CVE-2016-0718
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): expat-2.1.0-17.1
SUSE Linux Enterprise Software Development Kit 12 (src): expat-2.1.0-17.1
SUSE Linux Enterprise Server 12-SP1 (src): expat-2.1.0-17.1
SUSE Linux Enterprise Server 12 (src): expat-2.1.0-17.1
SUSE Linux Enterprise Desktop 12-SP1 (src): expat-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 (src): expat-2.1.0-17.1

SUSE-SU-2016:1512-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 979441,980391
CVE References: CVE-2015-1283,CVE-2016-0718
Sources used:
SUSE Studio Onsite 1.3 (src): expat-2.0.1-88.38.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): expat-2.0.1-88.38.1
SUSE Linux Enterprise Server 11-SP4 (src): expat-2.0.1-88.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): expat-2.0.1-88.38.1

openSUSE-SU-2016:1523-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 979441,980391
CVE References: CVE-2015-1283,CVE-2016-0718
Sources used:
openSUSE Leap 42.1 (src): expat-2.1.0-17.1

released