Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 564776 (CVE-2015-8035) - <dev-libs/libxml2-2.9.2-r4: DoS
Summary: <dev-libs/libxml2-2.9.2-r4: DoS
Status: RESOLVED FIXED
Alias: CVE-2015-8035
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A3 [glsa cve]
Keywords:
Depends on: CVE-2015-8710
Blocks:
  Show dependency tree
 
Reported: 2015-11-03 10:28 UTC by Agostino Sarubbo
Modified: 2017-01-16 21:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-11-03 10:28:46 UTC
From ${URL} :

We found a denegation of service parsing a specially crafted xml in libxml2
if xz support is enabled. It affects version 2.9.1 and probably others.
Find attached a xml that never finishes the parsing process:

gdb --quiet --args xmllint /tmp/test.xz
Reading symbols from xmllint...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/xmllint /tmp/test.xz
^C
Program received signal SIGINT, Interrupt.
0xb7f3e63c in xz_decomp (state=state@...ry=0x8001cff0) at ../../xzlib.c:509
509 ../../xzlib.c: No such file or directory.
(gdb) bt
#0  0xb7f3e63c in xz_decomp (state=state@...ry=0x8001cff0) at
../../xzlib.c:509
#1  0xb7f3ea25 in xz_make (state=<optimized out>) at ../../xzlib.c:603
#2  0xb7f3f3e7 in __libxml2_xzread (file=file@...ry=0x8001cff0,
buf=buf@...ry=0x8001d190, len=len@...ry=4000) at ../../xzlib.c:694
#3  0xb7e87dfb in xmlXzfileRead (context=0x8001cff0, buffer=0x8001d190 "",
len=4000) at ../../xmlIO.c:1421
#4  0xb7e89aaa in xmlParserInputBufferGrow__internal_alias (in=0x8001d140,
len=4000, len@...ry=250) at ../../xmlIO.c:3317
#5  0xb7e5af21 in xmlParserInputGrow__internal_alias (in=0x8001f198,
len=len@...ry=250) at ../../parserInternals.c:320
#6  0xb7e60581 in xmlGROW (ctxt=ctxt@...ry=0x8001c258) at
../../parser.c:2075
#7  0xb7e72d49 in xmlParseDocument__internal_alias (ctxt=ctxt@...ry=0x8001c258)
at ../../parser.c:10672
#8  0xb7e731a0 in xmlDoRead (ctxt=0x8001c258, URL=0x0, encoding=0x0,
options=4259840, reuse=0) at ../../parser.c:15242
#9  0x80009fc8 in ?? ()
#10 0x80006887 in main ()

Fix:

https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Gilles Dartiguelongue gentoo-dev 2015-11-09 20:38:39 UTC
Upstream patch applied in 2.9.2-r2.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-01-16 02:47:43 UTC
CVE Assignment:

http://www.openwall.com/lists/oss-security/2015/11/02/4
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-01-16 21:21:17 UTC
This issue was resolved and addressed in
 GLSA 201701-37 at https://security.gentoo.org/glsa/201701-37
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-01-16 21:25:23 UTC
This issue was resolved and addressed in
 GLSA 201701-37 at https://security.gentoo.org/glsa/201701-37
by GLSA coordinator Thomas Deutschmann (whissi).