From ${URL} :

We found a denial of service parsing a specially crafted xml in libxml2 if recover mode is used. Find attached an xml that crashes during the parsing process:

gdb --quiet --args xmllint --recover no-recover.xml
...
Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=0x7ffff7826760 <main_arena>, bytes=64) at malloc.c:3302
(gdb) bt
#0 _int_malloc at malloc.c line 3302
#1 __GI___libc_malloc at malloc.c line 2891
#2 xmlBufCreateSize at ../../buf.c line 159
#3 xmlStringGetNodeList__internal_alias at ../../tree.c line 1483
#4 xmlStringGetNodeList__internal_alias at ../../tree.c line 1591
#5 xmlStringGetNodeList__internal_alias at ../../tree.c line 1591
#6 xmlStringGetNodeList__internal_alias at ../../tree.c line 1591
#7 xmlStringGetNodeList__internal_alias at ../../tree.c line 1591

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE from https://bugzilla.redhat.com/show_bug.cgi?id=1319829

Patched via https://github.com/GNOME/libxml2/commit/bdd66182ef53fe1f7209ab6535fda56366bd7ac9 released in v2.9.4.

v2.9.4 landed in Gentoo repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/libxml2?id=b68f9389191396b4febff3e7b61f939189364426

@ Security: Please vote!
CVE-2016-3627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
This issue was resolved and addressed in GLSA 201701-37 at https://security.gentoo.org/glsa/201701-37 by GLSA coordinator Thomas Deutschmann (whissi).