Bug 769184 (CVE-2012-2807)

Summary: VUL-0: CVE-2012-2807: libxml2: integer overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: meissner, mstehno, security-team, vcizek
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/47484/
Whiteboard: maint:running:48073:important maint:released:sle10-sp3:48359 maint:released:sle10-sp4:48360 maint:running:51768:moderate maint:released:sle10-sp3:54711
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: PoC

Description Ludwig Nussel 2012-06-28 08:37:12 UTC
Your friendly security team received the following report via security@suse.de.
Please respond ASAP.
The issue is public.

======================================================
Name: CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.


Reference: CONFIRM: http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=129930


git commit referring to the bug report:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb
Comment 1 Vítězslav Čížek 2012-06-28 12:40:45 UTC
Packages for SLE submitted.
Comment 3 Swamp Workflow Management 2012-06-28 12:59:24 UTC
The SWAMPID for this issue is 48073.
This issue was rated as important.
Please submit fixed packages until 2012-07-05.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2012-06-28 22:00:27 UTC
bugbot adjusting priority
Comment 5 Ludwig Nussel 2012-06-29 06:23:30 UTC
Daniel Veillard plans to develop a better solution for upstream next week
Comment 6 Marcus Meissner 2012-07-04 12:37:04 UTC
i have adjusted the submission date towards next week.
Comment 7 Marcus Meissner 2012-07-10 11:29:03 UTC
any news?
Comment 8 Vítězslav Čížek 2012-07-10 11:37:47 UTC
Unfortunately there's no upstream commit yet.
Comment 9 Marcus Meissner 2012-07-10 11:56:37 UTC
i pushed the deadline back another week
Comment 10 Marcus Meissner 2012-07-16 07:25:43 UTC
canceled the swamp to wait for a fix ... 

any news?
Comment 11 Vítězslav Čížek 2012-07-16 13:02:19 UTC
still no fix :-(
Comment 12 Vítězslav Čížek 2012-07-18 11:42:34 UTC
Upstream patch finally out:

https://bugzilla.redhat.com/show_bug.cgi?id=835863#c4
Comment 13 Swamp Workflow Management 2012-07-18 12:16:08 UTC
The SWAMPID for this issue is 48354.
This issue was rated as moderate.
Please submit fixed packages until 2012-08-01.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 14 Marcus Meissner 2012-07-18 19:20:15 UTC
you just submitted sle11 sp1? 

is the sle10 codebase affected?
Comment 16 Vítězslav Čížek 2012-08-02 11:52:44 UTC
openSUSE packages submitted
Comment 17 Swamp Workflow Management 2012-08-09 15:08:41 UTC
openSUSE-SU-2012:0975-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 769184
CVE References: CVE-2012-2807
Sources used:
openSUSE 12.1 (src):    libxml2-2.7.8+git20110708-3.11.1
openSUSE 11.4 (src):    libxml2-2.7.8-34.1
Comment 18 Bernhard Wiedemann 2012-08-27 16:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (769184) was mentioned in
https://build.opensuse.org/request/show/131786 Evergreen:11.2 / libxml2
Comment 19 Bernhard Wiedemann 2012-08-28 11:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (769184) was mentioned in
https://build.opensuse.org/request/show/131845 Evergreen:11.2 / libxml2
Comment 20 Vítězslav Čížek 2012-08-30 20:25:40 UTC
Created attachment 504102
PoC

Taken from here:
https://code.google.com/p/chromium/issues/detail?id=107128
Comment 21 Marcus Meissner 2012-09-06 11:31:21 UTC
released
Comment 22 Swamp Workflow Management 2012-09-06 12:09:30 UTC
Update released for: libxml2, libxml2-devel
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 23 Swamp Workflow Management 2012-09-06 12:09:51 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 24 Swamp Workflow Management 2012-09-06 17:05:36 UTC
Update released for: libxml2, libxml2-32bit, libxml2-64bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-devel-64bit, libxml2-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 25 Swamp Workflow Management 2013-10-15 08:51:56 UTC
The SWAMPID for this issue is 54710.
This issue was rated as important.
Please submit fixed packages until 2013-10-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 26 Swamp Workflow Management 2013-11-04 12:51:44 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-python, libxml2-python-debuginfo, libxml2-test
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)