Project

General

Profile

Bug #9565

Bug #9563: libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)

[3.8] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)

Added by Alicha CH 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
10/23/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-9251: The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via
a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

References:

https://bugzilla.gnome.org/show_bug.cgi?id=794914

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

CVE-2018-14404: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References:

https://gitlab.gnome.org/GNOME/libxml2/issues/5
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594

CVE-2018-14567: libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers
LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

References:

https://gitlab.gnome.org/GNOME/libxml2/issues/13
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

Associated revisions

Revision 9ba0323a (diff)
Added by Natanael Copa 3 months ago

main/libxml2: backport security fixes

- CVE-2018-9251
- CVE-2018-14404
- CVE-2018-14567

fixes #9565

History

#1 Updated by Natanael Copa 3 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 3 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)

Also available in: Atom PDF