Bug 558822 (CVE-2015-7995) - <dev-libs/libxslt-1.1.28-r5: null pointer dereference (CVE-2015-7995)
Status: RESOLVED FIXED
Alias: CVE-2015-7995
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Reported: 2015-08-26 12:37 UTC by Agostino Sarubbo
Modified: 2016-06-21 09:37 UTC


Attachments
poc (poc, 140 bytes, application/xml)
2015-08-26 12:37 UTC, Agostino Sarubbo

Description Agostino Sarubbo gentoo-dev 2015-08-26 12:37:29 UTC
The attached poc produces this output:

asan ~ # xsltproc poc 
ASAN:SIGSEGV
=================================================================
==1706==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fad87a78e8c bp 0x7ffe8420dd90 sp 0x7ffe8420dc40 T0)
    #0 0x7fad87a78e8b in xsltStylePreCompute /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/preproc.c:2250:18
    #1 0x7fad87a3f011 in xsltPrecomputeStylesheet /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:3498:3
    #2 0x7fad87a3aa8b in xsltParseStylesheetProcess /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6425:2
    #3 0x7fad87a3fecd in xsltParseStylesheetImportedDoc /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6641:9
    #4 0x7fad87a40068 in xsltParseStylesheetDoc /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6680:11
    #5 0x4ddc5f in main /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/xsltproc/xsltproc.c:851:9
    #6 0x7fad8629baa4 in __libc_start_main (/lib64/libc.so.6+0x21aa4)
    #7 0x436146 in _start (/usr/bin/xsltproc+0x436146)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/preproc.c:2250 xsltStylePreCompute
==1706==ABORTING
Comment 1 Agostino Sarubbo gentoo-dev 2015-08-26 12:37:50 UTC
Created attachment 410342
poc
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2015-11-11 14:54:56 UTC
Updates from redhat report: CVE-2015-7995

http://www.openwall.com/lists/oss-security/2015/10/27/10

Upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
Comment 3 Gilles Dartiguelongue (RETIRED) gentoo-dev 2015-11-11 21:36:13 UTC
Upstream patch is applied in 1.1.28-r5.
Comment 4 Agostino Sarubbo gentoo-dev 2015-11-12 11:59:26 UTC
Arches, please test and mark stable:
=dev-libs/libxslt-1.1.28-r5
Target keywords : "alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-13 06:33:57 UTC
Stable for PPC64.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-13 07:00:05 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2015-11-13 09:59:26 UTC
amd64 stable
Comment 8 Matt Turner gentoo-dev 2015-11-15 18:27:35 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-11-18 08:57:27 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-11-18 11:00:23 UTC
ia64 stable
Comment 11 Markus Meier gentoo-dev 2015-11-21 14:35:36 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2015-12-26 10:56:30 UTC
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-01-09 07:11:33 UTC
sparc stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 09:37:05 UTC
GLSA Vote: No