Bug 979205 (CVE-2016-4570) - VUL-1: CVE-2016-4570: mxml: two stack exhaustions parsing xml files using mxml
Status: RESOLVED FIXED
Alias: CVE-2016-4570
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Assignee: Marcus Rückert
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/168775/
Whiteboard: CVSSv2:SUSE:CVE-2016-4570:4.3:(AV:N/A...
Reported: 2016-05-10 08:05 UTC by Sebastian Krahmer
Modified: 2018-02-22 16:49 UTC

Found By: Security Response Team


Attachments
stack-exhaustion-1.xml (443.91 KB, text/plain)
2017-03-10 10:49 UTC, Marcus Meissner
testmxml.c (18.93 KB, text/plain)
2017-03-10 10:53 UTC, Marcus Meissner
Comment 1 Marcus Meissner 2017-03-10 10:49:30 UTC
Created attachment 717019
stack-exhaustion-1.xml

stack-exhaustion-1.xml from reproducers. Needs to be fed into an mxml-using parser.
Comment 2 Marcus Meissner 2017-03-10 10:53:59 UTC
Created attachment 717022
testmxml.c

QA REPRODUCER:

gcc -pthread -o testmxml testmxml.c -lmxml
ulimit -s 1024
./testmxml stack-exhaustion-1.xml

should not segfault
Comment 3 Marcus Meissner 2017-03-10 10:54:57 UTC
* Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)

fix is also in

https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb

https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
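
The failure mode named in Comment 3, delete recursion whose depth follows the nesting depth of the input, shown as an added example that is not part of the original bug report and not mxml's code. The `node_t` type and the functions `build_chain`, `delete_recursive` and `delete_iterative` are hypothetical names; the block contrasts a recursive tree delete with an iterative one that climbs back through parent pointers.

```c
#include <stdlib.h>

/* Hypothetical node type for illustration; not mxml's mxml_node_t. */
typedef struct node {
    struct node *parent, *child, *next; /* parent, first child, next sibling */
} node_t;

/* Constructed input: `depth` elements nested like <a><a><a>...</a></a></a>. */
node_t *build_chain(size_t depth) {
    node_t *root = NULL, *cur = NULL;
    for (size_t i = 0; i < depth; i++) {
        node_t *n = calloc(1, sizeof *n);
        if (!n) abort();
        n->parent = cur;
        if (cur) cur->child = n; else root = n;
        cur = n;
    }
    return root;
}

/* Recursive delete: one stack frame per nesting level, so the parsed
 * document decides how deep the C stack goes. */
size_t delete_recursive(node_t *n) {
    size_t freed = 1;
    for (node_t *c = n->child, *next; c; c = next) {
        next = c->next;
        freed += delete_recursive(c);
    }
    free(n);
    return freed;
}

/* Iterative delete: descend while unlinking each child from its parent's
 * list, free leaves, climb back via parent pointers. Constant stack use. */
size_t delete_iterative(node_t *root) {
    size_t freed = 0;
    for (node_t *cur = root; cur; ) {
        if (cur->child) {               /* descend, unlinking the child */
            node_t *c = cur->child;
            cur->child = c->next;
            cur = c;
        } else {                        /* leaf: free it and climb */
            node_t *up = (cur == root) ? NULL : cur->parent;
            free(cur);
            freed++;
            cur = up;
        }
    }
    return freed;
}
```

Under the `ulimit -s 1024` setting from Comment 2, the recursive form reaches the stack limit at a smaller nesting depth, while the iterative form's stack use does not depend on depth.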
Comment 4 Marcus Rückert 2017-03-10 15:54:14 UTC
sle 11 submission 129141.

leap was submitted earlier already.
Comment 5 Swamp Workflow Management 2017-03-27 19:08:01 UTC
openSUSE-SU-2017:0815-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979205,979206
CVE References: CVE-2016-4570,CVE-2016-4571
Sources used:
openSUSE Leap 42.2 (src):    mxml-2.9-5.3.1
openSUSE Leap 42.1 (src):    mxml-2.9-5.1
Comment 6 Marcus Meissner 2017-06-20 11:50:54 UTC
sle11 rq 129141:

State:   revoked    2017-05-11T03:32:31 Admin
Comment: The source project 'home:darix:branches:OBS_Maintained:mxml' has been removed

Review:  new        Group: autobuild-team
         declined   Group: maintenance-team                            2017-03-10T15:53:21 maintenance-robot
  Reasons why the auto-review script declined the submission:
(E) The package fails to build, please check
Comment 7 Marcus Rückert 2017-08-07 10:46:39 UTC
project undeleted and reopened the request.
Comment 8 Marcus Meissner 2017-10-26 05:42:21 UTC
sr 129141 was again declined by the source checker script.

run osc service lr source_validator
Comment 9 Marcus Rückert 2017-11-06 11:36:31 UTC
resubmitted again.
Comment 10 Swamp Workflow Management 2017-11-23 20:10:33 UTC
SUSE-SU-2017:3060-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979205,979206
CVE References: CVE-2016-4570,CVE-2016-4571
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mxml-2.5-24.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mxml-2.5-24.3.1
Comment 11 Marcus Meissner 2018-02-22 16:49:07 UTC
released