Bug 1026099 (CVE-2016-9596) - VUL-0: CVE-2016-9596: libxml2: stack exhaustion while parsing xml files in recovery mode
Summary: VUL-0: CVE-2016-9596: libxml2: stack exhaustion while parsing xml files in re...
Status: RESOLVED DUPLICATE of bug 972335
: CVE-2016-9598 (view as bug list)
Alias: CVE-2016-9596
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Tomáš Chvátal
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/178060/
Whiteboard: CVSSv2:NVD:CVE-2016-3627:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-20 10:12 UTC by Marcus Meissner
Modified: 2019-08-16 17:14 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-02-20 10:12:22 UTC 
via redhat bugzilla

libxml2: stack exhaustion while parsing xml files in recovery mode

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1408302
Comment 1 Marcus Meissner 2017-02-20 10:12:42 UTC 
from redhat bug


Comment 2 Salvatore Bonaccorso 2016-12-22 15:45:27 EST

Are there any details available for this? Upsteam bug, commit reference?

Comment 4 Tomas Hoger 2017-01-02 05:21:14 EST

(In reply to Salvatore Bonaccorso from comment #2)
> Are there any details available for this? Upsteam bug, commit reference?

This and the other two should be for a Red Hat specific security regressions, effectively duplicates of other public CVEs.  I'm going to ask Bharti to fix these bugs up properly.
Comment 2 Marcus Meissner 2017-02-20 10:15:03 UTC 
This is a redhat assigned duplicate of CVE-2016-3627 / bug 972335

*** This bug has been marked as a duplicate of bug 972335 ***
Comment 3 Marcus Meissner 2017-02-20 10:29:27 UTC 
*** Bug 1026101 has been marked as a duplicate of this bug. ***