Bug 981110 (CVE-2016-1836) - VUL-0: CVE-2016-1836: libxml2: Heap use-after-free in xmlDictComputeFastKey
Status: RESOLVED FIXED
Alias: CVE-2016-1836
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2016-05-23 11:44 UTC by Alexander Bergmann
Modified: 2018-12-08 09:01 UTC

Description Alexander Bergmann 2016-05-23 11:44:29 UTC
https://git.gnome.org/browse/libxml2/tag/?h=CVE-2016-1836

Heap use-after-free in xmlDictComputeFastKey

https://bugzilla.gnome.org/show_bug.cgi?id=759398

* parser.c:
(xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. 
* result/errors/759398.xml: Added.
* result/errors/759398.xml.err: Added.
* result/errors/759398.xml.str: Added.
* test/errors/759398.xml: Added test case.

https://git.gnome.org/browse/libxml2/commit/?h=CVE-2016-1836&id=45752d2c334b50016666d8f0ec3691e2d680f0a0
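
The stale-pointer pattern named in the commit message above, next to the offset-based fix, as an added C example that is not libxml2's code and not part of the original report. `input_t`, `input_grow` and `parse_name` are hypothetical names, and the input chunks passed to them are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable input buffer; not libxml2's own types. */
typedef struct {
    char  *base;  /* heap buffer; its address changes when the input grows */
    size_t len;   /* bytes loaded so far */
    size_t cur;   /* read position, kept as an offset */
} input_t;

/* Append a chunk. The data always moves to a fresh allocation, so the
 * relocation realloc() may perform happens deterministically here. */
static int input_grow(input_t *in, const char *chunk) {
    size_t add = strlen(chunk);
    char *nb = malloc(in->len + add + 1);
    if (nb == NULL) return -1;
    if (in->len) memcpy(nb, in->base, in->len);
    memcpy(nb + in->len, chunk, add + 1);   /* includes the terminating NUL */
    free(in->base);   /* every pointer into the old buffer is stale from here */
    in->base = nb;
    in->len += add;
    return 0;
}

/* Scan a name, pulling in `more` when the loaded data runs out.
 * Stale pattern: `const char *name = in->base + in->cur;` saved here and
 * read after input_grow() points into freed memory.
 * Fixed pattern: save the start as an offset, rebuild the pointer at the end. */
static char *parse_name(input_t *in, const char *more, int *moved) {
    size_t start = in->cur;                 /* offset survives relocation */
    uintptr_t old = (uintptr_t)in->base;    /* kept only for the comparison */
    for (;;) {
        if (in->cur == in->len) {
            if (more == NULL || input_grow(in, more) != 0) break;
            more = NULL;
        }
        if (!isalnum((unsigned char)in->base[in->cur])) break;
        in->cur++;
    }
    *moved = ((uintptr_t)in->base != old);
    size_t n = in->cur - start;
    char *name = malloc(n + 1);
    if (name == NULL) return NULL;
    memcpy(name, in->base + start, n);      /* pointer derived from current base */
    name[n] = '\0';
    return name;
}
```

Building a caller of `parse_name` with `-fsanitize=address` and swapping in the stale pattern from the comment makes the sanitizer report a heap-use-after-free at the read, which is a quick way to confirm a regression test covers this class of bug.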
Comment 1 Swamp Workflow Management 2016-05-23 22:01:44 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-06-16 11:09:49 UTC
openSUSE-SU-2016:1594-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 972335,975947,978395,981040,981041,981108,981109,981110,981111,981112,981114,981115,983288
CVE References: CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1836,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-3627,CVE-2016-3705,CVE-2016-4483
Sources used:
openSUSE 13.2 (src):    libxml2-2.9.4-7.17.1, python-libxml2-2.9.4-7.17.1
Comment 4 Marcus Meissner 2016-08-01 09:16:53 UTC
released