Ubuntu
libxml package

[SECURITY] libxml stack overflow issues

Bug #604768 reported by Brian Thomason on 2010-07-12

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libxml (Ubuntu)	Invalid	Medium	Brian Thomason
	Hardy	Fix Released	Medium	Unassigned

Bug Description

Need to fix multiple use-after-free flaws when parsing notation and enumeration attribute types, and also need to fix stack overflow when parsing root XML document element DTD definition.

Related branches

lp:ubuntu/hardy-security/libxml

CVE References

Revision history for this message

Brian Thomason (brian-thomason) wrote on 2010-07-12:

#1

No DSA or Debian bug available; Package no longer in Debian as of Lenny.

Changed in libxml (Ubuntu):
status:	New → In Progress
assignee:	nobody → Brian Thomason (brian-thomason)

Revision history for this message

Brian Thomason (brian-thomason) wrote on 2010-07-12:

#2

Hardy patch Edit (4.6 KiB, text/plain)

Changed in libxml (Ubuntu):
status:	In Progress → New

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2010-07-12:

#3

Brian, your debdiff seems to remove the security fix for CVE-2007-6284 that was added in 1:1.8.17-14.1.

Could you please submit a fixed debdiff, and re-subscribe ubuntu-security-sponsors. Thanks!

visibility:	private → public
Changed in libxml (Ubuntu):
status:	New → Incomplete

Revision history for this message

Brian Thomason (brian-thomason) wrote on 2010-07-12:

#4

Doh! very sorry about that - forgot to remerge the other patch back in.

Revision history for this message

Brian Thomason (brian-thomason) wrote on 2010-07-12:

#5

Updated hardy patch Edit (3.3 KiB, text/plain)

Changed in libxml (Ubuntu):
status:	Incomplete → New

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2010-07-13:

#6

ACK for the updated debdiff. Packages are building now and will be published soon.

Changed in libxml (Ubuntu Hardy):
status:	New → Fix Committed
importance:	Undecided → Medium

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-07-15:

#7

This bug was fixed in the package libxml - 1:1.8.17-14.1ubuntu0.1

---------------
libxml (1:1.8.17-14.1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Fix parsing issues (LP: #604768)
  - modified parser.c: Fix multiple use-after-free flaws when parsing notation and
    enumeration attribute types, and fix stack overflow when parsing root XML
    document element DTD definition. Patch provided by Debian in Etch.
  - CVE-2009-2416
  - CVE-2009-2414
-- Brian Thomason <email address hidden> Mon, 12 Jul 2010 15:26:51 -0400

Changed in libxml (Ubuntu Hardy):
status:	Fix Committed → Fix Released

Revision history for this message

Steve Beattie (sbeattie) wrote on 2010-07-16:

#8

libxml was superceded by libxml2 in the intrepid cycle; closing out the development task on this. Thanks Brian!

Changed in libxml (Ubuntu):
status:	New → Invalid
importance:	Undecided → Medium

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.