Summary: | <dev-libs/libxml2-2.9.2-r4: Crafted xml causes out of bound memory access | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/10/22/5 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 560524 | ||
Bug Blocks: | | ||
Description
Agostino Sarubbo
2015-10-27 08:36:51 UTC
Upstream patches applied in 2.9.2-r2.

CVE: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

Once again, not sure why this is counted as a common package. Re-designating to B3.

GLSA Vote: No