CVE-2015-2716: expat: Buffer overflow in the XML parser

Bug #1881425 reported by Ghada Khalil
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Poornima Y N

Bug Description

CVE-2015-2716: expat: Buffer overflow in the XML parser

CVSSv2: 7.5 (AV:N/AC:L/Au:N/C/I/A)

Description:
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

References:
https://nvd.nist.gov/vuln/detail/CVE-2015-2716
https://access.redhat.com/errata/RHSA-2020:1011
https://<email address hidden>/msg05934.html

The new RPMs are:
expat-2.1.0-11.el7.x86_64.rpm
expat-devel-2.1.0-11.el7.x86_64.rpm
expat-2.1.0-11.el7.src.rpm

Reported By: StarlingX May 2020 CVE Scan
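The remediation in this bug is a package upgrade, so the check an operator wants is "is the installed expat at or above the fixed release listed above?". The script below is an added example, not part of the bug report or of the StarlingX tooling; it reimplements RPM's version/release comparison in a simplified form (alternating numeric/alpha segments, tilde sorts lowest, epoch ignored) so it can be run offline against constructed package names, and only the optional helper at the end queries a live rpm database. The fixed NVR is taken from the RPM list in the description; the function names are this example's own.

```python
import re
import subprocess

# Fixed build named in the bug description (name-version-release, arch dropped).
FIXED_EXPAT = "expat-2.1.0-11.el7"

# rpmvercmp-style tokenisation: runs of digits, runs of letters, or a tilde.
_SEG = re.compile(r"(\d+|[A-Za-z]+|~)")


def rpm_segment_cmp(a: str, b: str) -> int:
    """Compare two version or release labels roughly the way rpmvercmp does.
    Returns -1, 0 or 1. Simplified reimplementation (assumption): numeric
    segments compare as integers, alpha segments lexically, a numeric segment
    beats an alpha one, and '~' makes a label sort *before* the same label
    without it (pre-release semantics)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            return (int(x) > int(y)) - (int(x) < int(y))
        if xd != yd:
            return 1 if xd else -1
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    # All shared segments equal: the longer label is newer unless its extra
    # part starts with a tilde.
    longer_is_a = len(sa) > len(sb)
    rest = sa[len(sb):] if longer_is_a else sb[len(sa):]
    if rest[0] == "~":
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1


def parse_nvr(nvr: str):
    """Split 'name-version-release' from the right so dashed names work
    (e.g. 'expat-devel-2.1.0-11.el7' -> ('expat-devel', '2.1.0', '11.el7'))."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def compare_nvr(installed: str, fixed: str) -> int:
    """-1/0/1 for installed older than / equal to / newer than fixed."""
    n1, v1, r1 = parse_nvr(installed)
    n2, v2, r2 = parse_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1!r} vs {n2!r}")
    c = rpm_segment_cmp(v1, v2)
    return c if c else rpm_segment_cmp(r1, r2)


def is_patched(installed: str, fixed: str = FIXED_EXPAT) -> bool:
    """True when the installed NVR is at or above the fixed NVR."""
    return compare_nvr(installed, fixed) >= 0


def installed_expat_nvr() -> str:
    """Query the live rpm database on an RPM-based host (not used offline).
    '--qf' is the standard rpm query-format option; the format drops the arch
    so the result matches FIXED_EXPAT's shape."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\n", "expat"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample inventory, one pre-fix and two post-fix builds.
    for nvr in ("expat-2.1.0-10.el7", "expat-2.1.0-11.el7", "expat-2.2.5-3.el7"):
        print(nvr, "patched" if is_patched(nvr) else "VULNERABLE")
```

Note that RPM's real comparison also considers the epoch and has a few more corner cases; for a production inventory check, feed the same NVRs to `rpmdev-vercmp` or `rpm --eval` rather than relying on this simplified compare.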

CVE References

Ghada Khalil (gkhalil)
information type: Public → Public Security
tags: added: stx.3.0 stx.4.0 stx.security
description: updated
Revision history for this message
Ghada Khalil (gkhalil) wrote :

This CVE is applicable to stx.3.0 (r/stx.3.0 branch) & stx.4.0 (master branch)

Ghada Khalil (gkhalil)
description: updated
description: updated
Revision history for this message
Ghada Khalil (gkhalil) wrote :

The process is to address the CVE in stx master first and then cherrypick to stx.3.0 after some soak time

Changed in starlingx:
importance: Undecided → High
status: New → Triaged
Changed in starlingx:
assignee: nobody → Poornima Y N (poornimayn)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/734769

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/734769
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=3c07782bafaa16837eae07877304f6ed94e5dd51
Submitter: Zuul
Branch: master

commit 3c07782bafaa16837eae07877304f6ed94e5dd51
Author: Poornima <email address hidden>
Date: Thu Jun 11 02:07:52 2020 +0530

    expat: CVE-2015-2716 Fix

    Fixes are included in the following upgraded CentOS expat RPMs:
    expat-2.1.0-11.el7.x86_64.rpm
    expat-devel-2.1.0-11.el7.x86_64.rpm

    Test:
    All the layer builds are successful. Deployed an all-in-one simplex
    using the ISO created with the changes.

    Closes-Bug: 1881425
    Depends-On: https://review.opendev.org/#/c/734915
    Change-Id: I362b1202838a293cb60e6a3255c8ef17f40798f0
    Signed-off-by: Poornima <email address hidden>
    Signed-off-by: Sharath Kumar K <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
Poornima Y N (poornimayn) wrote :

Started working on porting the CVE fixes to stx.3.0. While building, I see the error below:

17:30:55 b7: SRPM build successful for 'kernel-3.10.0-1062.1.2.el7'
17:30:55 b7: ===== Build complete for 'kernel' =====
17:30:55 b7:
17:30:55 ============ Build failed =============
17:30:55 b5: ERROR: build_dir (417): Invalid srpm path 'mirror:Source/systemd-219-67.el7.src.rpm', evaluated as '/localdisk/designer/pyn/stx/cgcs-root/cgcs-centos-repo/Source/systemd-219-67.el7.src.rpm', found in '/localdisk/designer/pyn/stx/cgcs-root/stx/integ/base/systemd/centos/srpm_path'
17:30:55 ERROR: reaper (1304): Failed to build src.rpm from source at 'b5'
17:30:55

The actual version of the systemd src file in the lst file is systemd-219-67.el7.src.rpm, but systemd-219-62.el7_6.5.src.rpm was downloaded.

Did a clean build; after that, I'm facing a missing .config files issue.

Trying a fresh build now.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (r/stx.3.0)

Fix proposed to branch: r/stx.3.0
Review: https://review.opendev.org/737911

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (r/stx.3.0)

Reviewed: https://review.opendev.org/737911
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=f12a8f4d7947f337c99db2bf0cdd0e442b5a727a
Submitter: Zuul
Branch: r/stx.3.0

commit f12a8f4d7947f337c99db2bf0cdd0e442b5a727a
Author: Poornima <email address hidden>
Date: Wed Jun 17 01:52:13 2020 +0530

    expat: CVE-2015-2716 Fix

    Fix is included in the following upgraded CentOS expat RPMs:
    expat-2.1.0-11.el7.x86_64.rpm
    expat-devel-2.1.0-11.el7.x86_64.rpm

    Test:
    Build is successful. Deployed an all-in-one simplex
    using the ISO created with the changes.

    Closes-Bug: 1881425
    Depends-On: https://review.opendev.org/#/c/737902/
    Change-Id: I362b1202838a293cb60e6a3255c8ef17f40798f0
    Signed-off-by: Poornima <email address hidden>

Ghada Khalil (gkhalil)
tags: added: in-r-stx30