Bug 17024

Summary: libxml2 new security issue CVE-2015-7942
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: shlomif, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/662058/
Whiteboard: has_procedure advisory MGA5-64-OK
Source RPM: libxml2-2.9.1-11.1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-10-26 21:14:03 CET 
Debian-LTS has issued an advisory on October 25:
http://lwn.net/Alerts/662021/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libxml2 packages fix security vulnerability:

Crafted xml causes out of bound memory access in libxml2 due to a heap
buffer-overflow in xmlParseConditionalSections() in parser.c (CVE-2015-7942).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
https://bugzilla.gnome.org/show_bug.cgi?id=756456
http://lwn.net/Alerts/662021/
========================

Updated packages in core/updates_testing:
========================
libxml2_2-2.9.1-11.2.mga5
libxml2-utils-2.9.1-11.2.mga5
libxml2-python-2.9.1-11.2.mga5
libxml2-devel-2.9.1-11.2.mga5

from libxml2-2.9.1-11.2.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-10-26 21:14:18 CET 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Libxml2

Whiteboard: (none) => has_procedure

Comment 2 Shlomi Fish 2015-11-02 18:35:20 CET 
(In reply to David Walser from comment #1)
> Testing procedure:
> https://wiki.mageia.org/en/QA_procedure:Libxml2

Tested on MGA5-64-OK and OKing it. I also ran the perl-XML-LibXML tests through the new version and they all pass.

CC: (none) => shlomif
Whiteboard: has_procedure => has_procedure MGA5-64-OK

Comment 3 claire robinson 2015-11-02 19:17:05 CET 
Thanks Shlomi.

Validating. Advisory uploaded.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure advisory MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-11-02 21:22:25 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0423.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED