923806 – (CVE-2024-25062) <dev-libs/libxml2-{2.11.7, 2.12.5}: Use-after-free in xmlValidatePopElement

Bug 923806 (CVE-2024-25062) - <dev-libs/libxml2-{2.11.7, 2.12.5}: Use-after-free in xmlValidatePopElement

Summary: <dev-libs/libxml2-{2.11.7, 2.12.5}: Use-after-free in xmlValidatePopElement

Status:	RESOLVED FIXED

Alias:	CVE-2024-25062

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa+]
Keywords:

Depends on:	923807 923808
Blocks:
	Show dependency tree

Reported:	2024-02-05 03:45 UTC by Sam James
Modified:	2024-03-04 11:15 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2024-02-05 03:45:03 UTC

```
+### Security
+
+- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
+
```

"An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."

Comment 1 Larry the Git Cow gentoo-dev

2024-02-05 03:56:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7acaa9d202a846b33a13a1020b88e5c16ca9eeeb

commit 7acaa9d202a846b33a13a1020b88e5c16ca9eeeb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-05 03:50:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-05 03:56:08 +0000

    dev-libs/libxml2: add 2.11.7
    
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.11.7.ebuild | 200 +++++++++++++++++++++++++++++++++
 2 files changed, 201 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-02-09 09:37:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286

commit e85e47ba7c520c0a553d527c33c5c297cb8ff286
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-09 09:36:36 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-09 09:37:22 +0000

    [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/904202
    Bug: https://bugs.gentoo.org/905399
    Bug: https://bugs.gentoo.org/915351
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-03-04 11:13:03 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9f602950cfe3df380e2ef8909025f1a2255bf04

commit f9f602950cfe3df380e2ef8909025f1a2255bf04
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-03-04 11:12:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-03-04 11:12:24 +0000

    dev-libs/libxml2: drop 2.11.5, 2.11.5-r1, 2.11.6, 2.12.4
    
    Bug: https://bugs.gentoo.org/915351
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest                 |   3 -
 dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 ------------------------------
 dev-libs/libxml2/libxml2-2.11.5.ebuild    | 196 -----------------------------
 dev-libs/libxml2/libxml2-2.11.6.ebuild    | 200 ------------------------------
 dev-libs/libxml2/libxml2-2.12.4.ebuild    | 196 -----------------------------
 5 files changed, 795 deletions(-)