Univention Bugzilla – Full Text Bug Listing |
Summary: | libxml2: Denial of service (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Janek Walkenhorst <walkenhorst> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann |
Version: | UCS 4.0 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.0-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: |
Description
Arvid Requate
2015-07-13 12:10:48 CEST
* out-of-bounds memory access (CVE-2015-7941) * heap-buffer-overflow in xmlParseConditionalSections (CVE-2015-7942) * DoS if xz enabled (CVE-2015-8035) Upstream Debian package version 2.8.0+dfsg1-7+wheezy5 fixes all of the above and the following additional issues. * Denial of service (CPU consumption) in xmlStringLenDecodeEntities when processing specially crafted XML input (CVE-2015-5312) * Denial of service due to heap-based buffer overflow in the xmlDictComputeFastQKey (CVE-2015-7497) * Denial of service due to heap-based buffer overflow in xmlParseXmlDecl (CVE-2015-7498) * Information discosure due to heap-based buffer overflow in the xmlGROW (CVE-2015-7499) * Denial of service due to out-of-bounds heap read in xmlParseMisc (CVE-2015-7500) * Denial of service (heap-based buffer over-read and application crash) via crafted XML data due to Buffer overread with XML parser in xmlNextChar (CVE-2015-8241) * Out-of-bounds heap read when parsing file with unfinished xml declaration (CVE-2015-8317) The Debian Security Advisory summarizes all of these issues as: "A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application." Tests: OK Advisory: libxml2.yaml OK: DEBIAN_FRONTEND=noninteractive apt-get install libxml2-utils OK: advisory OK: manual tests: # xmllint --repeat --noout sync/ucs.xml # wget -q http://www.wikipedia.org -O - | xmllint --html --valid --noout - |