Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 466238 (CVE-2013-1969) - <dev-libs/libxml2-2.9.1 : Multiple Use-After-Free Vulnerabilities (CVE-2013-1969)
Summary: <dev-libs/libxml2-2.9.1 : Multiple Use-After-Free Vulnerabilities (CVE-2013-1...
Status: RESOLVED FIXED
Alias: CVE-2013-1969
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/53061/
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2013-2877
Blocks:
  Show dependency tree
 
Reported: 2013-04-17 12:43 UTC by Agostino Sarubbo
Modified: 2013-11-10 15:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-04-17 12:43:24 UTC
From ${URL} :

Description
Multiple vulnerabilities have been reported in libxml2, which can be exploited by malicious people 
to potentially compromise an application using the library.

1) An use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed 
memory.

2) Two use-after-free errors in "xmldecl_done()" can be exploited to dereference already freed 
memory.

The vulnerabilities are reported in version 2.9.0. Other versions may also be affected.


Solution
Fixed in the git repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Disclosed by the vendor via a git commit.

Original Advisory
libxml2:
https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f



@maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not
Comment 1 Agostino Sarubbo gentoo-dev 2013-04-19 07:08:52 UTC
CVE-2013-1970 rejected
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-04-26 11:14:49 UTC
CVE-2013-1969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969):
  Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other
  versions might allow context-dependent attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via vectors related to
  the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a
  buffer overflow in the xmlBufGetInputBase function.
Comment 3 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-12 17:52:51 UTC
This was fixed in >=libxml2-2.9.1, which is being stabilized at bug #476438
Comment 4 Sergey Popov gentoo-dev Security 2013-08-28 07:40:36 UTC
Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-11-10 15:19:06 UTC
This issue was resolved and addressed in
 GLSA 201311-06 at http://security.gentoo.org/glsa/glsa-201311-06.xml
by GLSA coordinator Sean Amoss (ackle).