Bug 38908 - libxml2: Denial of service (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-8-errata
Assigned To: Janek Walkenhorst
Daniel Tröder
Reported: 2015-07-13 12:12 CEST by Arvid Requate
Modified: 2016-02-04 16:35 CET (History)
Bug group (optional): Security
requate: Patch_Available+
Description Arvid Requate univentionstaff 2015-07-13 12:12:01 CEST
+++ This bug was initially created as a clone of Bug #38907 +++

* denial of service processing a crafted XML document (CVE-2015-1819)

A patch for this is available in Debian package version 2.7.8.dfsg-2+squeeze12
Comment 1 Arvid Requate univentionstaff 2015-11-17 13:48:15 CET
Fixed in 2.7.8.dfsg-2+squeeze14:

* out-of-bounds memory access (CVE-2015-7941)
* heap-buffer-overflow in xmlParseConditionalSections (CVE-2015-7942)
* DoS if xz enabled (CVE-2015-8035)
Comment 2 Arvid Requate univentionstaff 2015-11-17 14:54:47 CET
CVE-2015-8035 doesn't affect the squeeze version.
Comment 3 Arvid Requate univentionstaff 2016-01-05 18:37:53 CET
Upstream Debian package version 2.7.8.dfsg-2+squeeze16 fixes the following additional issues:

* Denial of service (CPU consumption) in xmlStringLenDecodeEntities when processing specially crafted XML input (CVE-2015-5312)

* Denial of service due to heap-based buffer overflow in the xmlDictComputeFastQKey (CVE-2015-7497)

* Denial of service due to heap-based buffer overflow in xmlParseXmlDecl (CVE-2015-7498)

* Information disclosure due to heap-based buffer overflow in the xmlGROW (CVE-2015-7499)

* Denial of service due to out-of-bounds heap read in xmlParseMisc (CVE-2015-7500)

* Denial of service (heap-based buffer over-read and application crash) via crafted XML data due to Buffer overread with XML parser in xmlNextChar (CVE-2015-8241)

* Out-of-bounds heap read when parsing file with unfinished xml declaration (CVE-2015-8317)


The Debian Security Advisory summarizes all of these issues as:

"A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application."
Comment 4 Janek Walkenhorst univentionstaff 2016-01-28 18:19:18 CET
Tests: OK
Advisory: libxml2.yaml
Comment 5 Daniel Tröder univentionstaff 2016-02-03 12:13:17 CET
OK: DEBIAN_FRONTEND=noninteractive apt-get install libxml2-utils
OK: advisory
OK: manual tests:
# xmllint --repeat --noout sync/ucs.xml
# wget -q http://www.wikipedia.org -O - | xmllint --html --valid --noout -
Comment 6 Janek Walkenhorst univentionstaff 2016-02-04 16:35:36 CET
<http://errata.software-univention.de/ucs/3.2/397.html>