981108 – (CVE-2016-1833) VUL-0: CVE-2016-1833: libxml2: Heap-based buffer overread in htmlCurrentChar

Bug 981108 (CVE-2016-1833) - VUL-0: CVE-2016-1833: libxml2: Heap-based buffer overread in htmlCurrentChar

Summary: VUL-0: CVE-2016-1833: libxml2: Heap-based buffer overread in htmlCurrentChar

Status:	RESOLVED FIXED

Alias:	CVE-2016-1833

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2016-06-17
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:62794:moderate maint:re...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-05-23 11:44 UTC by Alexander Bergmann
Modified:	2016-08-04 09:40 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer 1 (258 bytes, application/octet-stream) 2016-06-07 10:07 UTC, Alexander Bergmann	Details
Reproducer 2 (15 bytes, text/html) 2016-06-07 10:07 UTC, Alexander Bergmann	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-05-23 11:44:21 UTC

https://git.gnome.org/browse/libxml2/tag/?h=CVE-2016-1833

Heap-based buffer overread in htmlCurrentChar

https://bugzilla.gnome.org/show_bug.cgi?id=758606

* parserInternals.c:
(xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively.
For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely.
* result/HTML/758606.html: Added.
* result/HTML/758606.html.err: Added.
* result/HTML/758606.html.sax: Added.
* result/HTML/758606_2.html: Added.
* result/HTML/758606_2.html.err: Added.
* result/HTML/758606_2.html.sax: Added.
* test/HTML/758606.html: Added test case.
* test/HTML/758606_2.html: Added test case. 

https://git.gnome.org/browse/libxml2/commit/?h=CVE-2016-1833&id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76

Comment 1 Swamp Workflow Management 2016-05-23 22:01:34 UTC

bugbot adjusting priority

Comment 6 Swamp Workflow Management 2016-06-03 13:04:37 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-06-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62795

Comment 7 Alexander Bergmann 2016-06-07 10:07:12 UTC

Created attachment 679857 [details]
Reproducer 1

Reproducer from public GNOME bugzilla bug.

https://bugzilla.gnome.org/show_bug.cgi?id=758606

Comment 8 Alexander Bergmann 2016-06-07 10:07:33 UTC

Created attachment 679858 [details]
Reproducer 2

Reproducer from public GNOME bugzilla bug.

https://bugzilla.gnome.org/show_bug.cgi?id=758606

Comment 10 Swamp Workflow Management 2016-06-09 16:08:56 UTC

SUSE-SU-2016:1538-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 963963,965283,978395,981040,981041,981108,981109,981111,981112,981114,981115,981548,981549,981550
CVE References: CVE-2015-8806,CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-2073,CVE-2016-3705,CVE-2016-4447,CVE-2016-4448,CVE-2016-4449,CVE-2016-4483
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libxml2-2.9.1-24.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libxml2-2.9.1-24.1
SUSE Linux Enterprise Server 12-SP1 (src):    libxml2-2.9.1-24.1, python-libxml2-2.9.1-24.1
SUSE Linux Enterprise Server 12 (src):    libxml2-2.9.1-24.1, python-libxml2-2.9.1-24.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libxml2-2.9.1-24.1, python-libxml2-2.9.1-24.1
SUSE Linux Enterprise Desktop 12 (src):    libxml2-2.9.1-24.1, python-libxml2-2.9.1-24.1

Comment 11 Swamp Workflow Management 2016-06-16 11:09:28 UTC

openSUSE-SU-2016:1594-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 972335,975947,978395,981040,981041,981108,981109,981110,981111,981112,981114,981115,983288
CVE References: CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1836,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-3627,CVE-2016-3705,CVE-2016-4483
Sources used:
openSUSE 13.2 (src):    libxml2-2.9.4-7.17.1, python-libxml2-2.9.4-7.17.1

Comment 12 Swamp Workflow Management 2016-06-16 11:11:47 UTC

openSUSE-SU-2016:1595-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 963963,965283,978395,981040,981041,981108,981109,981111,981112,981114,981115,981548,981549,981550
CVE References: CVE-2015-8806,CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-2073,CVE-2016-3705,CVE-2016-4447,CVE-2016-4448,CVE-2016-4449,CVE-2016-4483
Sources used:
openSUSE Leap 42.1 (src):    libxml2-2.9.1-19.1, python-libxml2-2.9.1-19.1

Comment 13 Swamp Workflow Management 2016-06-17 13:09:23 UTC

SUSE-SU-2016:1604-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 963963,965283,978395,981040,981041,981108,981109,981111,981112,981114,981115,981548,981549,981550
CVE References: CVE-2015-8806,CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-2073,CVE-2016-3705,CVE-2016-4447,CVE-2016-4448,CVE-2016-4449,CVE-2016-4483
Sources used:
SUSE OpenStack Cloud 5 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Manager Proxy 2.1 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Manager 2.1 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libxml2-2.7.6-0.44.1
SUSE Linux Enterprise Server 11-SP4 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    libxml2-2.7.6-0.44.1, libxml2-python-2.7.6-0.44.4

Comment 14 Marcus Meissner 2016-08-01 09:08:15 UTC

all released