| Summary: | <dev-libs/libxml2-2.9.1 : Multiple Use-After-Free Vulnerabilities (CVE-2013-1969) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | gnome |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53061/ | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=483632 | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 476438 | ||
| Bug Blocks: | |||
CVE-2013-1970 rejected CVE-2013-1969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969): Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. This was fixed in >=libxml2-2.9.1, which is being stabilized at bug #476438 Added to existing GLSA draft This issue was resolved and addressed in GLSA 201311-06 at http://security.gentoo.org/glsa/glsa-201311-06.xml by GLSA coordinator Sean Amoss (ackle). |
From ${URL} : Description Multiple vulnerabilities have been reported in libxml2, which can be exploited by malicious people to potentially compromise an application using the library. 1) An use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free errors in "xmldecl_done()" can be exploited to dereference already freed memory. The vulnerabilities are reported in version 2.9.0. Other versions may also be affected. Solution Fixed in the git repository. Further details available to Secunia VIM customers Provided and/or discovered by Disclosed by the vendor via a git commit. Original Advisory libxml2: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f @maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not