Univention Bugzilla – Bug 52004
libxml2: Multiple issues (4.4)
Last modified: 2020-09-16 12:44:56 CEST
New Debian libxml2 2.9.4+dfsg1-2.2+deb9u3 fixes:

This update addresses the following issues:
* Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
* denial of service in xz_head function in xzlib.c (CVE-2017-18258)
* NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service (CVE-2018-14404)
* Infinite loop when --with-lzma is used allows for denial of service via crafted XML file (CVE-2018-14567)
* memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
* memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
* infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)
* GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). (CVE-2020-24977)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libxml2_2.9.4+dfsg1-2.2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libxml2_2.9.4+dfsg1-2.2+deb9u3.dsc @@ -1,3 +1,34 @@ +2.9.4+dfsg1-2.2+deb9u3 [Wed, 09 Sep 2020 22:06:27 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2017-8872: + Global buffer-overflow in the htmlParseTryOrFinish function. + * Fix CVE-2019-20388: + A memory leak was found in the xmlSchemaValidateStream function of libxml2. + Applications that use this library may be vulnerable to memory not being + freed leading to a denial of service. + * Fix CVE-2020-24977: + Out-of-bounds read restricted to xmllint --htmlout. + * Fix CVE-2020-7595: + Infinite loop in xmlStringLenDecodeEntities can cause a denial of service. + * Fix CVE-2017-18258: + The xz_head function in libxml2 allows remote attackers to cause a denial + of service (memory consumption) via a crafted LZMA file, because the + decoder functionality does not restrict memory usage to what is required + for a legitimate file. + * Fix CVE-2018-14404: + A NULL pointer dereference vulnerability exists in the + xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid + XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications + processing untrusted XSL format inputs may be vulnerable to a denial of + service attack. + * Fix CVE-2018-14567: + If --with-lzma is used, allows remote attackers to cause a denial of + service (infinite loop) via a crafted XML file. + * Fix CVE-2019-19956: + The xmlParseBalancedChunkMemoryRecover has a memory leak related to + newDoc->oldNs. + 2.9.4+dfsg1-2.2+deb9u2 [Fri, 12 Jan 2018 19:15:42 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-5/#4482584142253674297>
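Review bot: The changelog entry for CVE-2019-20388 names xmlSchemaValidateStream as the leaking function, while the erratum text for this bug names xmlSchemaPreRun in xmlschemas.c. In the same way, CVE-2017-8872 is a "Global buffer-overflow" here and an out-of-bounds read there, and CVE-2020-24977 is an "Out-of-bounds read restricted to xmllint --htmlout" here and a global buffer overflow in xmlEncodeEntitiesInternal there. Use one wording per CVE so the changelog and the published erratum agree on function and bug class. The CVE-2018-14567 entry also has no subject ("If --with-lzma is used, allows remote attackers ..."), so name the affected component. Consider citing the upstream commit for each fix, as the erratum text does for CVE-2020-24977 (8e7c20a1).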
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] afbbcd8560 Bug #52004: libxml2 2.9.4+dfsg1-2.2+deb9u3
 doc/errata/staging/libxml2.yaml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x740>