XPath is a language for querying content from XML documents. The vulnerability lies in the module that processes this query language. Specifically, libxml2 does not properly process a malformed XPath expression, causing a crash.
To exploit this vulnerability, an attacker may send the user a link containing malicious XPath. When the user opens this link, the malicious code will be executed, attacking the user's system.
The Red Hat bug (https://bugzilla.redhat.com/show_bug.cgi?id=645341) lists two upstream commits as fixing the issue:
In any case, 2.7.8 has been released and is fixed.
If you do use 2.7.8, do add the patch from:
else a lot of complaints like:
/usr/lib/libxml2.so.2: no version information available
(In reply to comment #1)
> else a lot of complaints like:
> /usr/lib/libxml2.so.2: no version information available
Yes, I tried to bump libxml2 some days ago, but these messages prevented me from committing it :-S. Hopefully some other GNOME team member will know where the problem could be :-/
Another libxml2 vulnerability has been announced. CVE-2010-4494 is for a Double Free vulnerability in libxml2 through 2.7.8. Upstream fixes at:
*** Bug 351954 has been marked as a duplicate of this bug. ***
*** Bug 353208 has been marked as a duplicate of this bug. ***
(In reply to comment #6)
Awesome, thank you.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA, despite:
dev-libs/libxml2/libxml2-2.7.8.ebuild: Unquoted Variable on line: 100
ppc/ppc64 stable, last arch done
Thanks, everyone. GLSA request filed.
This bug perhaps needs to be closed: fixed, in tree.
This issue was resolved and addressed in
GLSA 201110-26 at http://security.gentoo.org/glsa/glsa-201110-26.xml
by GLSA coordinator Tim Sammut (underling).
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple
Safari 5.0.2 and earlier, and other products, reads from invalid memory
locations during processing of malformed XPath expressions, which allows
context-dependent attackers to cause a denial of service (application crash)
via a crafted XML document.
Double free vulnerability in libxml2 2.7.8 and other versions, as used in
Google Chrome before 8.0.552.215 and other products, allows remote attackers
to cause a denial of service or possibly have unspecified other impact via
vectors related to XPath handling.