Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200812-06 ] libxml2: Multiple vulnerabilities
Date: Tue, 02 Dec 2008 18:06:49
Message-Id: 200812021842.06701.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #234099, #237806, #239346, #245960
        ID: 200812-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libxml2 might lead to execution of
arbitrary code or Denial of Service.

Background
==========

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2      < 2.7.2-r1                      >= 2.7.2-r1

Description
===========

Multiple vulnerabilities were reported in libxml2:

* Andreas Solberg reported that libxml2 does not properly detect
  recursion during entity expansion in an attribute value
  (CVE-2008-3281).

* A heap-based buffer overflow has been reported in the
  xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).

* Christian Weiske reported that predefined entity definitions in
  entities are not properly handled (CVE-2008-4409).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlBufferResize() function that can lead to an infinite loop
  (CVE-2008-4225).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlSAX2Characters() function leading to a memory corruption
  (CVE-2008-4226).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2,
possibly resulting in the execution of arbitrary code or high CPU and
memory consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"

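The version test implied by the "Affected packages" table and the upgrade target above, as an added example (not part of the advisory or of Gentoo's tooling): a POSIX shell check that classifies a libxml2 version string against the 2.7.2-r1 threshold. The function names and sample versions are constructed for illustration, and the comparison is a simplified one that accepts only dotted numeric versions with an optional -rN revision.

```sh
#!/bin/sh
# Added example: classify a dev-libs/libxml2 version against this GLSA.
# Simplified comparison (an assumption of this example, not Portage's full
# algorithm): dotted numeric components plus an optional -rN revision only.

FIXED_VERSION="2.7.2-r1"   # first unaffected version per "Affected packages"

# ver_lt A B: returns 0 if A < B, 1 if A >= B, 2 if either is unparseable.
ver_lt() {
    for _s in "$1" "$2"; do
        printf '%s\n' "$_s" |
            grep -Eq '^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))*(-r[0-9]+)?$' || return 2
    done
    a_base=${1%-r*}; b_base=${2%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    # Walk the components left to right, comparing numerically so that
    # 2.7.10 sorts above 2.7.2; a missing component counts as -1 (lower).
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_num=${a_base%%.*}; b_num=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        [ "${a_num:--1}" -lt "${b_num:--1}" ] && return 0
        [ "${a_num:--1}" -gt "${b_num:--1}" ] && return 1
    done
    # Same upstream version: the Gentoo revision decides (no -rN means r0).
    [ "$a_rev" -lt "$b_rev" ]
}

# glsa_status VERSION: prints vulnerable, unaffected or unknown.
glsa_status() {
    rc=0
    ver_lt "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo vulnerable ;;
        1) echo unaffected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample versions, not taken from the advisory.
for v in 2.6.32 2.7.2 2.7.2-r1 2.7.10 2.7.2_rc1; do
    printf '%-10s %s\n' "$v" "$(glsa_status "$v")"
done
```
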
References
==========

  [ 1 ] CVE-2008-3281
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
  [ 2 ] CVE-2008-3529
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
  [ 3 ] CVE-2008-4409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
  [ 4 ] CVE-2008-4225
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  [ 5 ] CVE-2008-4226
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature