Summary: | <dev-libs/expat-2.2.0-r1: Undefined behavior and pointer overflows (CVE-2016-4472) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | freedesktop-bugs |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1344251 | |
Whiteboard: | B3 [glsa cve] | |
Package list: | =dev-libs/expat-2.2.0-r1 | |
Runtime testing required: | --- | |
Description
Agostino Sarubbo
2016-06-10 09:04:41 UTC
CVE-2016-4472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472):

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

From https://sourceforge.net/p/expat/code_git/ci/master/tree/expat/Changes:

> Release 2.2.0 Tue June 21 2016
> Security fixes:
> #537 CVE-2016-0718 -- Fix crash on malformed input
> CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
> CVE-2015-2716 introduced with Expat 2.1.1
> #499 CVE-2016-5300 -- Use more entropy for hash initialization
> than the original fix to CVE-2012-0876
> #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
> that was introduced with Expat 2.1.0
> when addressing CVE-2012-0876 (issue #496)

v2.2.0 is in Gentoo repository available since https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/expat?id=d32fd3265a5a1e4297d542c55c9417f98beff4b8

@ Arches, please test and mark stable: =dev-libs/expat-2.2.0-r1

Stable target(s): alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86

Removing unstable arches.

amd64 stable

x86 stable

Stable on alpha.

arm stable

sparc stable

ia64 stable

ppc stable

ppc64 stable

ping for final arch

Stable for HPPA.

Added to existing GLSA request.

@ Maintainer(s): Please cleanup and drop <dev-libs/expat-2.2.0-r1!

cleaned

This issue was resolved and addressed in GLSA 201701-21 at https://security.gentoo.org/glsa/201701-21 by GLSA coordinator Aaron Bauman (b-man).
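The class of bug named in the CVE description, a pointer-overflow check that an optimizing compiler is allowed to delete, shown next to a form that survives optimization. This is an added illustration, not Expat's code and not part of this bug report; `struct buf`, `fits_fragile`, `fits_robust` and `buf_append` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical buffer for illustration; not Expat's data structure. */
struct buf {
    char *ptr;   /* next write position */
    char *end;   /* one past the last usable byte */
};

/* Fragile form: forming ptr + len beyond one-past-the-end of the object is
 * undefined behaviour, so the compiler may assume the sum never wraps and
 * remove the "< b->ptr" test when optimizing. */
int fits_fragile(const struct buf *b, size_t len)
{
    if (b->ptr + len < b->ptr)          /* wrap test that may be dropped */
        return 0;
    return b->ptr + len <= b->end;
}

/* Robust form: compare len with the space that is left. Only pointers
 * inside the buffer are subtracted, so nothing here is undefined. */
int fits_robust(const struct buf *b, size_t len)
{
    return len <= (size_t)(b->end - b->ptr);
}

/* Append len bytes only if they fit. Returns 1 on success, 0 on reject. */
int buf_append(struct buf *b, const void *src, size_t len)
{
    if (!fits_robust(b, len))
        return 0;
    memcpy(b->ptr, src, len);
    b->ptr += len;
    return 1;
}

int main(void)
{
    char storage[16];                   /* constructed sample buffer */
    struct buf b = { storage, storage + sizeof storage };

    int ok = buf_append(&b, "abcd", 4);         /* fits: 12 bytes remain */
    int huge = fits_robust(&b, (size_t)-1);     /* rejected without wrapping */
    int over = fits_robust(&b, 13);             /* one byte too many */
    return (ok == 1 && huge == 0 && over == 0) ? 0 : 1;
}
```

Building with `-fsanitize=undefined` (GCC or Clang) reports the pointer overflow in the fragile form at run time when `len` is large enough to leave the object.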