See https://www.openwall.com/lists/oss-security/2023/10/06/5 and https://gitlab.gnome.org/GNOME/libxml2/-/issues/583. > libxml2 through 2.11.5 has a use-after-free that can only occur after a > certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. > NOTE: the vendor's position is "I don't think these issues are critical > enough to warrant a CVE ID ... because an attacker typically can't control > when memory allocations fail."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d172c4f999dff461c5401bf97ba83f81390dc55 commit 5d172c4f999dff461c5401bf97ba83f81390dc55 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-10-08 04:44:50 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-08 04:48:09 +0000 dev-libs/libxml2: fix CVE-2023-45322 Bug: https://bugs.gentoo.org/915351 Signed-off-by: Sam James <sam@gentoo.org> .../files/libxml2-2.11.5-CVE-2023-45322.patch | 71 ++++++++ dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 +++++++++++++++++++++ 2 files changed, 271 insertions(+)
The original fix for this issue turned out to be buggy: https://gitlab.gnome.org/GNOME/libxml2/-/issues/634 It was reverted upstream... https://gitlab.gnome.org/GNOME/libxml2/-/commit/de3f70146dc531a1f2c0976dc1c2bff84529f161 and then subsequently fixed in a different way: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5 I've disabled the test for now, but the current backport is causing test failures in dev-lang/php because a copied XML document isn't the same as the original.
(In reply to Michael Orlitzky from comment #2) > The original fix for this issue turned out to be buggy: Ugh, sorry for missing that, and thanks. I originally wasn't even going to patch this, but I succumbed to the temptation to silence people asking why it's not fixed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286 commit e85e47ba7c520c0a553d527c33c5c297cb8ff286 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-02-09 09:36:36 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-02-09 09:37:22 +0000 [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/904202 Bug: https://bugs.gentoo.org/905399 Bug: https://bugs.gentoo.org/915351 Bug: https://bugs.gentoo.org/923806 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9f602950cfe3df380e2ef8909025f1a2255bf04 commit f9f602950cfe3df380e2ef8909025f1a2255bf04 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-04 11:12:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-04 11:12:24 +0000 dev-libs/libxml2: drop 2.11.5, 2.11.5-r1, 2.11.6, 2.12.4 Bug: https://bugs.gentoo.org/915351 Bug: https://bugs.gentoo.org/923806 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 3 - dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 ------------------------------ dev-libs/libxml2/libxml2-2.11.5.ebuild | 196 ----------------------------- dev-libs/libxml2/libxml2-2.11.6.ebuild | 200 ------------------------------ dev-libs/libxml2/libxml2-2.12.4.ebuild | 196 ----------------------------- 5 files changed, 795 deletions(-)
