According to the summary in the Chromium bug tracker [1]:

When calling XPath functions, the XPath engine of libxml2 fails to verify correct stack usage. This isn't a problem in most cases where functions report an error to the XPath engine, because this usually leads to an early exit from the XPath evaluation. But if a function fails to signal an error and leaves the stack in an unexpected state, the evaluation continues.

RedHat bugzilla entry [2]
Upstream patch [3]

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=727039
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1523128
[3] https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
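The failure mode summarized above, as an added example that is not part of the original report and is not libxml2 code: a toy value-stack evaluator in which a function consumes one value too many without signalling an error, called once through a dispatcher that trusts the function and once through one that verifies stack depth itself. All names (`Ctx`, `fn_greedy`, `call_checked`, `run`) are hypothetical.

```c
/* Toy value-stack evaluator, constructed for illustration (not libxml2 source). */
#include <stdio.h>
#define STACK_MAX 16
typedef struct { double v[STACK_MAX]; int n; int err; } Ctx;
typedef void (*Fn)(Ctx *, int nargs);

static void push(Ctx *c, double x) { if (c->n < STACK_MAX) c->v[c->n++] = x; else c->err = 1; }
static double pop(Ctx *c) { if (c->n > 0) return c->v[--c->n]; c->err = 1; return 0; }

/* Well-behaved function: consumes its two arguments, leaves one result. */
static void fn_add(Ctx *c, int nargs) {
    (void)nargs;
    double b = pop(c), a = pop(c);
    push(c, a + b);
}

/* Misbehaving function: consumes one value more than it was given and
 * never sets c->err, so the engine has no error to react to. */
static void fn_greedy(Ctx *c, int nargs) {
    double s = 0;
    for (int i = 0; i < nargs + 1 && c->n > 0; i++) s += c->v[--c->n];
    push(c, s);
}

/* Trusts the function to report its own errors. */
static int call_unchecked(Ctx *c, Fn fn, int nargs) { fn(c, nargs); return c->err; }

/* Verifies stack usage itself: nargs values in, exactly one value out. */
static int call_checked(Ctx *c, Fn fn, int nargs) {
    if (c->n < nargs) { c->err = 1; return 1; }
    int expected = c->n - nargs + 1;
    fn(c, nargs);
    if (c->n != expected) c->err = 1;
    return c->err;
}

/* Evaluates fn(1, 2) while the enclosing expression still owns the value 100. */
static int run(Fn fn, int checked, int *depth) {
    Ctx c = { {0}, 0, 0 };
    push(&c, 100); push(&c, 1); push(&c, 2);
    int err = checked ? call_checked(&c, fn, 2) : call_unchecked(&c, fn, 2);
    *depth = c.n;
    return err;
}

int main(void) {
    int d, e = run(fn_greedy, 0, &d);
    printf("unchecked: err=%d depth=%d\n", e, d);
    e = run(fn_greedy, 1, &d);
    printf("checked:   err=%d depth=%d\n", e, d);
    return 0;
}
```

In the unchecked run the enclosing expression's value has been consumed and evaluation would continue on a corrupted stack; the checked dispatcher turns the same call into an error.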
@maintainer(s): please call for stabilization when ready, thank you.

Fix XPath stack frame logic - v2.9.6-rc1

Gentoo Security Padawan
(jmbailey/mbailey_j)
Call what stable? All security supported arches have had libxml2 2.9.6 stable since 27th December.
(In reply to Mart Raudsepp from comment #2)
> Call what stable? All security supported arches have had libxml2 2.9.6
> stable since 27th December.

Mart, thanks for the update. 2.9.6 indeed has the patch. Unstable arches pending stabilization. Cleanup when possible or mask vulnerable versions please.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7a0ef2da5c03fcf9e96baad04bff6f942e73575

commit a7a0ef2da5c03fcf9e96baad04bff6f942e73575
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-01-21 01:43:48 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-01-21 01:44:25 +0000

    dev-libs/libxml2: security cleanup

    Bug: https://bugs.gentoo.org/644574
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/libxml2/libxml2-2.9.4-r1.ebuild |   4 +-
 dev-libs/libxml2/libxml2-2.9.4-r3.ebuild | 239 -------------------------------
 2 files changed, 2 insertions(+), 241 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=783baf3271249d8e234cd806650191181ef03c9c

commit 783baf3271249d8e234cd806650191181ef03c9c
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-03-02 14:32:11 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-03-02 16:08:50 +0000

    dev-libs/libxml2: security cleanup

    Bug: https://bugs.gentoo.org/644574
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/libxml2/Manifest                          |   1 -
 .../files/libxml2-2.9.2-disable-tests.patch        |  68 ------
 .../files/libxml2-2.9.4-CVE-2016-4658.patch        | 249 ---------------------
 .../files/libxml2-2.9.4-CVE-2016-5131.patch        | 174 --------------
 .../libxml2/files/libxml2-2.9.4-nullptrderef.patch |  50 -----
 .../files/libxml2-2.9.4-nullptrderef2.patch        |  57 -----
 dev-libs/libxml2/libxml2-2.9.4-r1.ebuild           | 220 ------------------
 7 files changed, 819 deletions(-)
cleanup done