370715 – (CVE-2011-1944) <dev-libs/libxml2-2.7.8-r1: buffer overflow in XPath module (CVE-2011-1944)

Bug 370715 (CVE-2011-1944) - <dev-libs/libxml2-2.7.8-r1: buffer overflow in XPath module (CVE-2011-1944)

Summary: <dev-libs/libxml2-2.7.8-r1: buffer overflow in XPath module (CVE-2011-1944)

Status:	RESOLVED FIXED

Alias:	CVE-2011-1944

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://scarybeastsecurity.blogspot.co...
Whiteboard:	A1 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-06-08 20:23 UTC by Sylvia
Modified:	2011-10-26 20:50 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sylvia 2011-06-08 20:23:42 UTC

details were disclosed here - http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

in debian bugzilla - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628537
( patch available for libxml2 2.7.8 - http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=25;filename=squeeze.diff;att=2;bug=628537 )

DSA - http://www.debian.org/security/2011/dsa-2255

please check.

Reproducible: Didn't try

Comment 1 Pacho Ramos gentoo-dev

2011-06-13 14:55:21 UTC

+*libxml2-2.7.8-r1 (13 Jun 2011)
+
+  13 Jun 2011; Pacho Ramos <pacho@gentoo.org> -libxml2-2.7.7.ebuild,
+  +libxml2-2.7.8-r1.ebuild, +files/libxml2-2.7.8-reallocation-failures.patch:
+  Fix some potential problems on reallocation failures (CVE-2011-1944), bug
+  #370715 by Sylvia. Remove old.
+

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2011-06-13 14:59:18 UTC

(In reply to comment #1)
> +*libxml2-2.7.8-r1 (13 Jun 2011)
> +
> +  13 Jun 2011; Pacho Ramos <pacho@gentoo.org> -libxml2-2.7.7.ebuild,
> +  +libxml2-2.7.8-r1.ebuild, +files/libxml2-2.7.8-reallocation-failures.patch:
> +  Fix some potential problems on reallocation failures (CVE-2011-1944), bug
> +  #370715 by Sylvia. Remove old.
> +

Thanks, Pacho.

Arches, please test and mark stable:
=dev-libs/libxml2-2.7.8-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 3 Agostino Sarubbo gentoo-dev

2011-06-13 19:53:32 UTC

amd64 ok

Comment 4 Ian Delaney (RETIRED) gentoo-dev

2011-06-13 23:01:29 UTC

amd64:

ditto Ago

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2011-06-14 03:43:02 UTC

Stable for HPPA.

Comment 6 Markus Meier gentoo-dev

2011-06-14 21:05:27 UTC

amd64/arm/x86 stable, thanks Agostino and Ian

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2011-06-19 14:56:31 UTC

alpha/ia64/m68k/s390/sh/sparc stable

Comment 8 Brent Baude (RETIRED) gentoo-dev

2011-06-22 20:21:30 UTC

ppc done

Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-07-03 11:19:50 UTC

ppc64 stable, last arch done

Comment 10 Tim Sammut (RETIRED) gentoo-dev

2011-07-03 15:45:46 UTC

Thanks, everyone. Added to existing GLSA request.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 22:34:43 UTC

CVE-2011-1944 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944):
  Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x
  through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent
  attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a crafted XML file that triggers a heap-based buffer
  overflow when adding a new namespace node, related to handling of XPath
  expressions.

Comment 12 GLSAMaker/CVETool Bot gentoo-dev

2011-10-26 20:50:58 UTC

This issue was resolved and addressed in
 GLSA 201110-26 at http://security.gentoo.org/glsa/glsa-201110-26.xml
by GLSA coordinator Tim Sammut (underling).