Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 416209 (CVE-2011-3102) - <dev-libs/libxml2-2.8.0_rc1: OOB write in xpointer.c (CVE-2011-3102)
Summary: <dev-libs/libxml2-2.8.0_rc1: OOB write in xpointer.c (CVE-2011-3102)
Status: RESOLVED FIXED
Alias: CVE-2011-3102
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://code.google.com/p/chromium/is...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-16 07:12 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-07-09 22:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-05-16 07:12:13 UTC
There are not many details, but the upstream patch is 
<http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e>
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-05-20 23:18:25 UTC
CVE-2011-3102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3102):
  Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46,
  allows remote attackers to cause a denial of service (out-of-bounds write)
  or possibly have unspecified other impact via unknown vectors.
Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-05-21 02:25:22 UTC
Fixed in libxml2-2.8.0_rc1 (the libxml2 upstream is finally on its way to making a new release)

>*libxml2-2.8.0_rc1 (21 May 2012)
>
>  21 May 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
>  -libxml2-2.7.8-r4.ebuild, +libxml2-2.8.0_rc1.ebuild,
>  +files/libxml2-2.8.0_rc1-randomization-threads.patch,
>  +files/libxml2-2.8.0_rc1-winnt.patch:
>  Version bump with numerous bugfixes, including for bug #416209 (out-of-bounds
>  write, CVE-2011-3102, thanks to Paweł Hajdan, Jr.). Drop old.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-05-21 06:58:16 UTC
Thanks. Just to make sure since this isn't a full release, are we moving to stabilize libxml2-2.8.0_rc1 now?
Comment 4 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-05-21 07:11:00 UTC
(In reply to comment #3)
> Thanks. Just to make sure since this isn't a full release, are we moving to
> stabilize libxml2-2.8.0_rc1 now?

It would be my recommendation. The git changelog between 2.7.8 and 2.8.0-rc1 basically consists of fixes for various parser errors, crashes, infinite loops, memory leaks, and security holes; the only new features are support for lzma compression and <meta charset>.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-05-21 07:13:43 UTC
Ok, thanks; then on we go. ;)

Arches, please test and mark stable:
=dev-libs/libxml2-2.8.0_rc1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 6 Brent Baude (RETIRED) gentoo-dev 2012-05-21 17:28:44 UTC
ppc done
Comment 7 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-05-21 19:09:31 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2012-05-21 20:40:00 UTC
amd64 stable
Comment 9 Jeroen Roovers gentoo-dev 2012-05-22 14:02:51 UTC
Stable for HPPA.
Comment 10 Oleg Gawriloff 2012-05-25 06:18:43 UTC
libxml2-2.8.0-rc1.tar.gz is no longer available at ftp://xmlsoft.org/libxml2/
pls update to rc2
Comment 11 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-05-25 07:14:07 UTC
(In reply to comment #10)

Fixed, thanks for noticing!

>*libxml2-2.8.0 (25 May 2012)
>
>  25 May 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
>  libxml2-2.8.0_rc1.ebuild, +libxml2-2.8.0.ebuild:
>  Version bump to 2.8.0 final. Point rc1's SRC_URI at Gentoo mirrors since the
>  rc1 tarball is no longer available from upstream (bug #416209 comment #10)..
Comment 12 Markus Meier gentoo-dev 2012-05-26 10:17:19 UTC
arm stable
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2012-05-26 17:23:12 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 14 Brent Baude (RETIRED) gentoo-dev 2012-05-29 15:32:32 UTC
ppc64 done
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2012-05-29 22:42:43 UTC
Thanks, folks. GLSA request filed.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2012-07-09 22:16:48 UTC
This issue was resolved and addressed in
 GLSA 201207-02 at http://security.gentoo.org/glsa/glsa-201207-02.xml
by GLSA coordinator Sean Amoss (ackle).