Bug 1105443 (CVE-2018-1000632)

Summary: VUL-0: CVE-2018-1000632: dom4j: version prior to version 2.1.1 contains a CWE-91: XML Injectionvulnerability in Class: Element. Methods: addElement, addAttribute that canresult in an attacker tampering with XML documents through XML
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: pmonrealgonzalez, rfrohl, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
URL: https://smash.suse.de/issue/213063/
Whiteboard: CVSSv3:SUSE:CVE-2018-1000632:6.1:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) CVSSv3:RedHat:CVE-2018-1000632:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVSSv2:NVD:CVE-2018-1000632:6.4:(AV:N/AC:L/Au:N/C:N/I:P/A:P) CVSSv3:NVD:CVE-2018-1000632:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVSSv3:UNK(Oracle):CVE-2018-1000632:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Same patch for all codestreams.

Description Marcus Meissner 2018-08-21 06:10:21 UTC
CVE-2018-1000632

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection
vulnerability in Class: Element. Methods: addElement, addAttribute that can
result in an attacker tampering with XML documents through XML injection. This
attack appear to be exploitable via an attacker specifying attributes or
elements in the XML document. This vulnerability appears to have been fixed in
2.1.1 or later.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000632
https://ihacktoprotect.com/post/dom4j-xml-injection/
https://github.com/dom4j/dom4j/issues/48
https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
Comment 3 Pedro Monreal Gonzalez 2018-09-18 15:36:56 UTC
Packages submitted:

SLE-11-SP1:Update 1.6.1 dom4j-CVE-2018-1000632.patch sr#172392
SLE-12:Update     1.6.1 dom4j-CVE-2018-1000632.patch sr#172378
SLE-12-SP2        1.6.1 dom4j-CVE-2018-1000632.patch sr#172377
SLE-15:GA         1.6.1 dom4j-CVE-2018-1000632.patch sr#172360
Factory           1.6.1 dom4j-CVE-2018-1000632.patch sr#636365
Comment 4 Pedro Monreal Gonzalez 2018-09-18 15:43:02 UTC
Created attachment 783477 [details]
Same patch for all codestreams.

Windows line endings in the upstream patch had to be modified in order to be applied.
Comment 11 Swamp Workflow Management 2018-09-25 19:09:23 UTC
SUSE-SU-2018:2861-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
SUSE Manager Server 3.2 (src):    dom4j-1.6.1-27.4.1
SUSE Manager Server 3.0 (src):    dom4j-1.6.1-27.4.1
Comment 12 Swamp Workflow Management 2018-09-25 19:30:20 UTC
SUSE-SU-2018:2863-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
SUSE Manager Server 3.1 (src):    dom4j-1.6.1-3.3.2
Comment 14 Swamp Workflow Management 2018-09-28 10:14:09 UTC
openSUSE-SU-2018:2931-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
openSUSE Leap 42.3 (src):    dom4j-1.6.1-31.3.2
Comment 15 Swamp Workflow Management 2018-10-25 13:13:46 UTC
SUSE-SU-2018:3424-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    dom4j-1.6.1-8.3.8.1
Comment 16 Swamp Workflow Management 2018-11-26 17:09:57 UTC
SUSE-SU-2018:3908-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    dom4j-1.6.1-4.3.2
Comment 17 Robert Frohl 2018-12-06 14:36:34 UTC
released
Comment 18 Swamp Workflow Management 2018-12-07 11:13:21 UTC
openSUSE-SU-2018:3998-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
openSUSE Leap 15.0 (src):    dom4j-1.6.1-lp150.3.3.1
Comment 19 Swamp Workflow Management 2018-12-07 23:23:17 UTC
openSUSE-SU-2018:4045-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1105443
CVE References: CVE-2018-1000632
Sources used:
openSUSE Backports SLE-15 (src):    dom4j-1.6.1-bp150.2.3.1