Bug 833508 (CVE-2021-30560) - <dev-libs/libxslt-1.1.35: use-after-free in xsltApplyTemplates
Status: CONFIRMED
Alias: CVE-2021-30560
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugs.chromium.org/p/chromium/...
Whiteboard: A3 [glsa? cleanup]
Keywords:
Depends on: 833586 834457
Blocks:
Reported: 2022-02-17 02:27 UTC by John Helmert III
Modified: 2022-03-15 15:11 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-17 02:27:22 UTC
"There's a bug in libxslt which can result in use-after-free in connection with the <xsl:strip-space> feature. Under certain circumstances, function xsltApplyTemplates can delete text nodes which are still referenced from variables, keys or possibly other data structures."

Fix in 1.1.35: https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8
Comment 1 Larry the Git Cow gentoo-dev 2022-02-17 22:52:44 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49e51187a6e928f9ac156a757be6301b61141d5d

commit 49e51187a6e928f9ac156a757be6301b61141d5d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-17 22:51:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-17 22:52:29 +0000

    dev-libs/libxslt: add 1.1.35
    
    Note that maintainership has officially changed and verify-sig is
    therefore dropped for now as upstream aren't offering PGP signatures
    for now: https://gitlab.gnome.org/GNOME/libxml2/-/issues/313#note_1387405.
    
    Closes: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxslt/Manifest              |  1 +
 dev-libs/libxslt/libxslt-1.1.35.ebuild | 63 ++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-02-18 03:54:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad676814872917af7dc098f47b0ebb8a106f5d30

commit ad676814872917af7dc098f47b0ebb8a106f5d30
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-18 03:53:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-18 03:53:29 +0000

    profiles: mask =dev-libs/libxslt-1.1.35
    
    Too strict parsing? Needs more investigation.
    
    Bug: https://bugs.gentoo.org/833586
    Bug: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)