Summary: | <dev-libs/libxml2-2.7.8: Double Free and Denial of Service Vulnerabilities (CVE-2010-{4008,4494}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | aklhfex, bircoph, fierevere, gnome, jaak, megagreener, nelchael |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 352961 | ||
Bug Blocks: |
Description
Tim Sammut (RETIRED)
2010-11-15 04:06:27 UTC
If you do use 2.7.8 do add the patch from: http://git.gnome.org/browse/libxml2/commit/?id=00819877651b87842ed878898ba17dba489820f0 http://mail.gnome.org/archives/xml/2010-November/msg00016.html else a lot of complaints like: /usr/lib/libxml2.so.2: no version information available (In reply to comment #1) > else a lot of complaints like: > /usr/lib/libxml2.so.2: no version information available > Yes, I tried to bump libxml2 some days ago but these messages prevented me from committing it :-S, hopefully any other gnome team member will know where could be the problem :-/ Another libxml2 vulnerability has been announced. CVE-2010-4494 is for a Double Free vulnerability in libxml2 through 2.7.8. Upstream fixes at: http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722 and http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6 *** Bug 351954 has been marked as a duplicate of this bug. *** *** Bug 353208 has been marked as a duplicate of this bug. *** Bumped (In reply to comment #6) > Bumped > Awesome, thank you. Arches, please test and mark stable: =dev-libs/libxml2-2.7.8 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" x86 stable amd64 done alpha/arm/ia64/m68k/s390/sh/sparc stable Stable for HPPA, despite: ebuild.minorsyn 1 dev-libs/libxml2/libxml2-2.7.8.ebuild: Unquoted Variable on line: 100 ppc/ppc64 stable, last arch done Thanks, everyone. GLSA request filed. this bug perhaps needs to be closed, fixed, in tree This issue was resolved and addressed in GLSA 201110-26 at http://security.gentoo.org/glsa/glsa-201110-26.xml by GLSA coordinator Tim Sammut (underling). CVE-2010-4008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008): libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. CVE-2010-4494 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494): Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. |