| Summary: | <dev-libs/libxml2-2.11.5-r1: Use-after-free if memory allocation fails | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ajak, base-system, mjo, sam |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://gitlab.gnome.org/GNOME/libxml2/-/issues/583 | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 914785, 923807 | ||
| Bug Blocks: | |||
|
Description
Sam James
2023-10-08 04:31:20 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d172c4f999dff461c5401bf97ba83f81390dc55 commit 5d172c4f999dff461c5401bf97ba83f81390dc55 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-10-08 04:44:50 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-08 04:48:09 +0000 dev-libs/libxml2: fix CVE-2023-45322 Bug: https://bugs.gentoo.org/915351 Signed-off-by: Sam James <sam@gentoo.org> .../files/libxml2-2.11.5-CVE-2023-45322.patch | 71 ++++++++ dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 +++++++++++++++++++++ 2 files changed, 271 insertions(+) The original fix for this issue turned out to be buggy: https://gitlab.gnome.org/GNOME/libxml2/-/issues/634 It was reverted upstream... https://gitlab.gnome.org/GNOME/libxml2/-/commit/de3f70146dc531a1f2c0976dc1c2bff84529f161 and then subsequently fixed in a different way: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5 I've disabled the test for now, but the current backport is causing test failures in dev-lang/php because a copied XML document isn't the same as the original. (In reply to Michael Orlitzky from comment #2) > The original fix for this issue turned out to be buggy: Ugh, sorry for missing that, and thanks. I originally wasn't even going to patch this, but I succumbed to the temptation to silence people asking why it's not fixed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286 commit e85e47ba7c520c0a553d527c33c5c297cb8ff286 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-02-09 09:36:36 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-02-09 09:37:22 +0000 [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/904202 Bug: https://bugs.gentoo.org/905399 Bug: https://bugs.gentoo.org/915351 Bug: https://bugs.gentoo.org/923806 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9f602950cfe3df380e2ef8909025f1a2255bf04 commit f9f602950cfe3df380e2ef8909025f1a2255bf04 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-04 11:12:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-04 11:12:24 +0000 dev-libs/libxml2: drop 2.11.5, 2.11.5-r1, 2.11.6, 2.12.4 Bug: https://bugs.gentoo.org/915351 Bug: https://bugs.gentoo.org/923806 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 3 - dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 ------------------------------ dev-libs/libxml2/libxml2-2.11.5.ebuild | 196 ----------------------------- dev-libs/libxml2/libxml2-2.11.6.ebuild | 200 ------------------------------ dev-libs/libxml2/libxml2-2.12.4.ebuild | 196 ----------------------------- 5 files changed, 795 deletions(-) |