[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1008-1] libxml2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxml2
Version        : 2.8.0+dfsg1-7+wheezy8
CVE ID         : CVE-2017-7375 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049
                 CVE-2017-9050

CVE-2017-7375
     Missing validation for external entities in xmlParsePEReference

CVE-2017-9047
CVE-2017-9048
     A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.
     The function xmlSnprintfElementContent in valid.c is supposed to
     recursively dump the element content definition into a char buffer 'buf'
     of size 'size'. The variable len is assigned strlen(buf).
     If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the
     content->prefix is appended to buf (if it actually fits) whereupon
     (ii) content->name is written to the buffer. However, the check for
     whether the content->name actually fits also uses 'len' rather than
     the updated buffer length strlen(buf). This allows us to write about
     "size" many bytes beyond the allocated memory. This vulnerability
     causes programs that use libxml2, such as PHP, to crash.

CVE-2017-9049
CVE-2017-9050
     libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
     buffer over-read in the xmlDictComputeFastKey function in dict.c.
     This vulnerability causes programs that use libxml2, such as PHP,
     to crash. This vulnerability exists because of an incomplete fix
     for libxml2 Bug 759398.


For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy8.

We recommend that you upgrade your libxml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZVrjZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHNgMP/Awi3e6dBojrnTEsEC9ey1UF
or4/EVeXMGXoAwO+7J6Kp44ODrvo5EbamFqb0xZ8VMB1M9BxtH6TTqsW5DvHmfJw
Zp9oV7kP98ts1eM2w9p83rFnLu+HvqWHI9TW4VyT1ocq++gEfHazvHHfdXrVAXCK
oh9waHKd9tGYcV/TXdYqZu04xdfSLy7vqoHFKyCgE2aw+DWRQ2XhmDxUVh5/jyvN
Qh7lzNaXMiNXNlcYdOYgyPeL7zFHR0wF+BAmz8oGeHuusKVADiXJspwD0j51cY4/
wmMo+y7LHvCcMox1NxO31sTbSXWuKmekO1BuC8hDaueR3oqwGupWXA7PrTg7LUJT
gkgNEsdXJv9Sjp+AXVH3nBvD+Ow7v45mAlrNxTt54ix9rrEGQIYBE3PmhD33WEqi
+FlQL4CWXf8gXs/1Vwd9V3t1vHTxd0EyivTuzblNMLmS9ecdUMcxE3puOYudg4mH
6hFGs92uK4fr2DNh6jKWEvNiBsD1wh3H1kye1MfRq5F9yWioGQuH59IevzrMRR6N
1zCTw5DZKswKEeJuPmIZF+/bCX78ZMAP8KKt8kP8tiFB4ZDJnrHEqgkXkYGzPdC2
JpznOMEAjhtzSZMmcE3agHVOfFX5n+ZujUip78ntDRhqjHAL1jjWzP97b5t3B1tv
HeZeC1NsRhqRDQX5PHi9
=HmO0
-----END PGP SIGNATURE-----


Reply to: