[3.1] libxml2: out-of-bounds memory access and heap-buffer-overflow (CVE-2015-7941, CVE-2015-7942)
out-of-bounds memory access (CVE-2015-7941)
heap-buffer-overflow in xmlParseConditionalSections (CVE-2015-7942)
References:
https://bugzilla.gnome.org/show_bug.cgi?id=744980
http://seclists.org/oss-sec/2015/q4/130
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-7941
https://bugzilla.gnome.org/show_bug.cgi?id=756456
Patches:
https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
(from redmine: issue id 4799, created on 2015-10-27, closed on 2015-12-02)
- Relations:
- parent #4796 (closed)
- Changesets:
- Revision 9e3ec839 by Christian Kampka on 2015-11-30T16:07:17Z:
main/libxml2: security fixes
CVE-2015-8242 Buffer overread with HTML parser in push mode (Hugh Davenport)
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard)
CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard)
CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard)
CVE-2015-5312 Another entity expansion issue (David Drysdale)
CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey (David Drysdale)
CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard)
CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard)
CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard)
CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard)
CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard)
CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard)
CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard)
fixes #4799