Bug 1669

Summary: libxml2 -- buffer overflow
Product: Mageia Reporter: Sander Lepik <mageia>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, stewbintn
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
Whiteboard:
Source RPM: libxml2-2.7.8-9.mga1.src.rpm CVE:
Status comment:

Description Sander Lepik 2011-06-07 15:47:57 CEST 
Description of problem:

From Debian Security Advisory (DSA-2255-1): http://www.debian.org/security/2011/dsa-2255
Sander Lepik 2011-06-26 12:42:10 CEST

Assignee: bugsquad => qa-bugs

Comment 1 Nicolas Vigier 2011-06-28 00:03:15 CEST 
Package libxml2-2.7.8-9.1.mga1 submitted to updates_testing repository should fix this issue.

Status: NEW => ASSIGNED
CC: (none) => boklm

Comment 2 Stew Benedict 2011-06-28 13:32:08 CEST 
Possible update text:


Chris Evans discovered that libxml2 incorrectly handled memory allocation.
If an application using libxml2 opened a specially crafted XML file, an
attacker could cause a denial of service or possibly execute code as the
user invoking the program. This issue has been identified at mitre.org by CVE-2011-1944. Updated packages correct the issue.

CC: (none) => stewbintn

Comment 3 Dave Hodgins 2011-06-28 19:56:24 CEST 
Package list includes
libxml2-utils
libxml2-python
libxml2_2
libxml2-devel

I've skimmed through the security advisory, but don't see a poc, so for
testing, I've just run "xmllint --auto" and "xmlcatalog --create" to
confirm the programs will run.

For the python test I ran "xmllint --auto>tst.xml" followed by
/usr/share/doc/libxml2-python/tst.py which confirmed that the limxml2
module was imported and executable.

For the devel file, I simply confirmed that it installed without any
conflicts.

Tested on a Mageia 1 i586 kde clean install.

CC: (none) => davidwhodgins

Comment 4 Manuel Hiebel 2011-07-01 00:03:36 CEST 
On a x86_64 gnome system, 
xmllint --auto and "xmlcatalog --create work

for /usr/share/doc/libxml2-python/tst.py I have root.name failed
is that correct ? /me did not understand everything:)
Comment 5 Dave Hodgins 2011-07-01 03:46:29 CEST 
Yes, based on the file created by xmllint.  That is enough though, to confirm
that the modules are loading and accessible to python programs, which is
about all we can test without a better test case.

Can someone from the sysadmin team push the packages
libxml2-utils
libxml2-python
libxml2_2
libxml2-devel
from Core Updates Testing to Core Updates please.

The srpm is
libxml2-2.7.8-9.1.mga1.src.rpm
Comment 6 Nicolas Vigier 2011-07-01 17:10:50 CEST 
Pushed to updates.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:06:09 CEST

CC: boklm => (none)