From ${URL} :

We found a denial of service parsing a specially crafted XML in libxml2 if xz support is enabled. It affects version 2.9.1 and probably others. Find attached an XML that never finishes the parsing process:

gdb --quiet --args xmllint /tmp/test.xz
Reading symbols from xmllint...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/xmllint /tmp/test.xz
^C
Program received signal SIGINT, Interrupt.
0xb7f3e63c in xz_decomp (state=state@entry=0x8001cff0) at ../../xzlib.c:509
509     ../../xzlib.c: No such file or directory.
(gdb) bt
#0  0xb7f3e63c in xz_decomp (state=state@entry=0x8001cff0) at ../../xzlib.c:509
#1  0xb7f3ea25 in xz_make (state=<optimized out>) at ../../xzlib.c:603
#2  0xb7f3f3e7 in __libxml2_xzread (file=file@entry=0x8001cff0, buf=buf@entry=0x8001d190, len=len@entry=4000) at ../../xzlib.c:694
#3  0xb7e87dfb in xmlXzfileRead (context=0x8001cff0, buffer=0x8001d190 "", len=4000) at ../../xmlIO.c:1421
#4  0xb7e89aaa in xmlParserInputBufferGrow__internal_alias (in=0x8001d140, len=4000, len@entry=250) at ../../xmlIO.c:3317
#5  0xb7e5af21 in xmlParserInputGrow__internal_alias (in=0x8001f198, len=len@entry=250) at ../../parserInternals.c:320
#6  0xb7e60581 in xmlGROW (ctxt=ctxt@entry=0x8001c258) at ../../parser.c:2075
#7  0xb7e72d49 in xmlParseDocument__internal_alias (ctxt=ctxt@entry=0x8001c258) at ../../parser.c:10672
#8  0xb7e731a0 in xmlDoRead (ctxt=0x8001c258, URL=0x0, encoding=0x0, options=4259840, reuse=0) at ../../parser.c:15242
#9  0x80009fc8 in ?? ()
#10 0x80006887 in main ()

Fix: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
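The backtrace above shows the parser's read path (xmlParserInputGrow -> __libxml2_xzread -> xz_decomp) spinning inside the decompression loop without ever returning to the caller. The general failure mode is a streaming-decode loop that only terminates on STREAM_END and never checks whether each iteration made progress or returned an error. The following is an added example, not code from libxml2 or from the bug reporter: the decoder here is a constructed stand-in for lzma_code() (a plain copy-through that can be flagged "corrupt" so it reports an error forever without consuming or producing bytes), and the loop shapes are assumptions modelled on the report rather than copied from xzlib.c. It contrasts the naive loop, which would hang on such input, with a guarded one that fails fast.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes modelled on liblzma's lzma_ret (assumption; not the real enum). */
enum dec_ret { DEC_OK = 0, DEC_STREAM_END = 1, DEC_DATA_ERROR = 9 };

/* Minimal stand-in for lzma_stream: the decoder consumes from in, writes to out.
 * 'corrupt' is a constructed flag that models a crafted or damaged stream. */
struct dec_stream {
    const uint8_t *next_in;  size_t avail_in;
    uint8_t       *next_out; size_t avail_out;
    int            corrupt;
};

/* Constructed stand-in for lzma_code(): copies bytes through until the input
 * is exhausted, then reports STREAM_END. A corrupt stream reports DATA_ERROR
 * on every call without moving either pointer, which is exactly the behaviour
 * that makes an unchecked loop spin forever. */
static enum dec_ret fake_decode(struct dec_stream *s)
{
    if (s->corrupt)
        return DEC_DATA_ERROR;
    if (s->avail_in == 0)
        return DEC_STREAM_END;
    size_t n = s->avail_in < s->avail_out ? s->avail_in : s->avail_out;
    memcpy(s->next_out, s->next_in, n);
    s->next_in  += n; s->avail_in  -= n;
    s->next_out += n; s->avail_out -= n;
    return DEC_OK;
}

/* Naive loop: only STREAM_END ends it. With a corrupt stream it never
 * returns; the iteration cap exists only so this demo terminates, and
 * hitting it is reported as -1 ("would have hung"). */
static long naive_read(struct dec_stream *s, long max_iters)
{
    long iters = 0;
    while (s->avail_out > 0) {
        enum dec_ret r = fake_decode(s);
        if (r == DEC_STREAM_END)
            break;
        if (++iters >= max_iters)
            return -1;
    }
    return iters;
}

/* Guarded loop: any status other than OK/STREAM_END is fatal, and an
 * iteration that neither consumed input nor produced output is treated as a
 * stall. Returns the number of bytes produced, or -1 on error. */
static long guarded_read(struct dec_stream *s)
{
    size_t start_out = s->avail_out;
    while (s->avail_out > 0) {
        size_t in_before = s->avail_in, out_before = s->avail_out;
        enum dec_ret r = fake_decode(s);
        if (r == DEC_STREAM_END)
            break;
        if (r != DEC_OK)
            return -1;                       /* decoder reported an error */
        if (s->avail_in == in_before && s->avail_out == out_before)
            return -1;                       /* no progress: refuse to spin */
    }
    return (long)(start_out - s->avail_out);
}

/* Constructed inputs for the three scenarios. */
static long demo_corrupt_naive(void)
{
    uint8_t in[] = {1, 2, 3}, out[8];
    struct dec_stream s = { in, sizeof in, out, sizeof out, 1 };
    return naive_read(&s, 1000);             /* -1: hit the cap, i.e. a hang */
}

static long demo_corrupt_guarded(void)
{
    uint8_t in[] = {1, 2, 3}, out[8];
    struct dec_stream s = { in, sizeof in, out, sizeof out, 1 };
    return guarded_read(&s);                 /* -1 after a single iteration */
}

static long demo_good_guarded(void)
{
    uint8_t in[] = {1, 2, 3, 4, 5}, out[8];
    struct dec_stream s = { in, sizeof in, out, sizeof out, 0 };
    return guarded_read(&s);                 /* 5 bytes produced, then STREAM_END */
}

int main(void)
{
    printf("naive, corrupt stream:   %ld\n", demo_corrupt_naive());
    printf("guarded, corrupt stream: %ld\n", demo_corrupt_guarded());
    printf("guarded, good stream:    %ld\n", demo_good_guarded());
    return 0;
}
```

The point of the no-progress check is that it does not depend on knowing every error code a decoder can return: an iteration that moves neither pointer cannot be part of a finite decode, so the loop bails regardless of which status accompanied it.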
Upstream patch applied in 2.9.2-r2.
CVE Assignment: http://www.openwall.com/lists/oss-security/2015/11/02/4
This issue was resolved and addressed in GLSA 201701-37 at https://security.gentoo.org/glsa/201701-37 by GLSA coordinator Thomas Deutschmann (whissi).