libxml2: multiple vulnerabilities

Package(s):

libxml2

CVE #(s):

CVE-2015-1819

Created:

July 3, 2015

Updated:

September 9, 2015

Description:

From the Debian advisory:

(1) CVE-2015-1819 / #782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser which uses libxml2 chokes on a crafted XML document, allocating gigabytes of data. This is a fine line issue between API misuse and a bug in libxml2. This issue got addressed in libxml2 upstream and the patch has been backported to libxml2 in squeeze-lts.

(2) #782985 Jun Kokatsu reported an out-of-bounds memory access in libxml2. By entering an unclosed html comment the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment that was returned to the evoking application. In the Shopify application (where this issue was originally discovered), this caused ruby objects from previous http requests to be disclosed in the rendered page.

(3) #783010 Michal Zalewski reported another out-of-bound reads issue in libxml2 that did not cause any crashes but could be detected under ASAN and Valgrind.

Alerts:

Gentoo	201701-37	libxml2	2017-01-16
openSUSE	openSUSE-SU-2016:0106-1	libxml2	2016-01-13
openSUSE	openSUSE-SU-2015:2372-1	libxml2	2015-12-27
Debian	DSA-3430-1	libxml2	2015-12-23
Scientific Linux	SLSA-2015:2550-1	libxml2	2015-12-21
SUSE	SUSE-SU-2016:0786-1	sles12-docker-image	2016-03-16
Arch Linux	ASA-201512-6	libxml2	2015-12-09
Oracle	ELSA-2015-2550	libxml2	2015-12-07
Red Hat	RHSA-2015:2550-01	libxml2	2015-12-07
Fedora	FEDORA-2015-037f844d3e	libxml2	2015-11-30
Fedora	FEDORA-2015-c24af963a2	libxml2	2015-11-26
Ubuntu	USN-2812-1	libxml2	2015-11-16
Scientific Linux	SLSA-2015:1419-1	libxml2	2015-08-03
Oracle	ELSA-2015-1419	libxml2	2015-07-29
Red Hat	RHSA-2015:1419-01	libxml2	2015-07-22
Mageia	MGASA-2015-0358	libxml2	2015-09-08
Gentoo	201507-08	libxml2	2015-07-07
Debian-LTS	DLA-266-1	libxml2	2015-07-03