Bug 1035905 - (CVE-2017-5029) VUL-1: CVE-2017-5029: libxslt: integer overflow during a size calculation (xsltAddTextString function in transform.c)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P4 - Low : Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2017-5029:3.3:(AV:L/A...
Reported: 2017-04-25 08:38 UTC by Mikhail Kasimov
Modified: 2020-06-16 13:57 UTC (History)
Attachments
Updated patches for SLE-10, 11 and 12 and Factory. (2.72 KB, application/gzip)
2017-04-25 15:23 UTC, Pedro Monreal Gonzalez
Description Mikhail Kasimov 2017-04-25 08:38:56 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-5029
====================================================
Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Source:  MITRE      Last Modified:  04/24/2017
====================================================

Hyperlink

[1] https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

[2] https://crbug.com/676623

[3] https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

[4] https://security-tracker.debian.org/tracker/CVE-2017-5029

(open-)SUSE: https://software.opensuse.org/package/libxslt

1.2.9 (TW, official repo)
1.2.8 (42.{1,2}, official repo)
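
The class of defect in the description above, a buffer-growth size calculation done in `int` with no overflow check, shown with the check in place. This is an added C illustration, not libxslt's code or the upstream patch; the `textbuf` struct, the function names and the doubling growth policy are assumptions.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer with int-typed sizes (not libxslt's struct). */
struct textbuf {
    char *data;
    int used;   /* bytes in use, excluding the NUL terminator */
    int size;   /* bytes allocated */
};

/*
 * Work out the allocation needed to append len bytes plus a terminator.
 * Returns 0 and stores the size in *out, or -1 if the sum cannot be
 * represented in an int. Computing used + len + 1 without this check is
 * signed overflow: the result can come out smaller than the data being
 * copied, and the copy then writes past the end of the allocation.
 */
static int grow_size(int used, int size, int len, int *out)
{
    if (used < 0 || size < 0 || len < 0 || used > size) return -1;
    if (len > INT_MAX - 1 - used) return -1;      /* used + len + 1 would wrap */
    int need = used + len + 1;
    if (need <= size) { *out = size; return 0; }  /* already fits */
    /* Growth policy (assumption): double, saturating instead of wrapping. */
    int grown = (size > INT_MAX / 2) ? INT_MAX : size * 2;
    *out = grown > need ? grown : need;
    return 0;
}

/* Append len bytes of s; on failure the buffer is left unchanged. */
static int textbuf_append(struct textbuf *b, const char *s, int len)
{
    int newsize;
    if (grow_size(b->used, b->size, len, &newsize) != 0) return -1;
    if (newsize != b->size) {
        char *p = realloc(b->data, (size_t)newsize);
        if (p == NULL) return -1;
        b->data = p;
        b->size = newsize;
    }
    memcpy(b->data + b->used, s, (size_t)len);
    b->used += len;
    b->data[b->used] = '\0';
    return 0;
}
```
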
Comment 1 Pedro Monreal Gonzalez 2017-04-25 15:23:19 UTC
Created attachment 722618
Updated patches for SLE-10, 11 and 12 and Factory.

Fixed CVE-2017-5029 using the patch upstream. All codestreams are affected. See the following submissions:

SUSE:SLE-12:Update              1.1.28  mr#131786
SUSE:SLE-11:Update              1.1.24  sr#131785
SUSE:SLE-10-SP3:Update          1.1.15  sr#131783

openSUSE:Factory                1.1.29  sr#491045
openSUSE:Leap:42.2:Update       From SLE-12:GA
openSUSE:Leap:42.1:Update       From SLE-12:GA

Added patches:
libxslt-1.1.28-CVE-2017-5029.patch for SLE-12 and Factory
libxslt-1.1.24-CVE-2017-5029.patch for SLE-10-SP3 and SLE-11

Assigning bug to security-team.
Comment 2 Pedro Monreal Gonzalez 2017-04-26 10:54:20 UTC
New submission for SLE-11 sr#131807.
Comment 5 Swamp Workflow Management 2017-05-15 19:14:30 UTC
SUSE-SU-2017:1282-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005591,1035905,934119,952474
CVE References: CVE-2015-7995,CVE-2015-9019,CVE-2016-4738,CVE-2017-5029
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libxslt-1.1.24-19.33.1, libxslt-python-1.1.24-19.33.3
SUSE Linux Enterprise Server 11-SP4 (src):    libxslt-1.1.24-19.33.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libxslt-1.1.24-19.33.1, libxslt-python-1.1.24-19.33.3
Comment 6 Swamp Workflow Management 2017-05-16 19:13:11 UTC
SUSE-SU-2017:1313-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005591,1035905,934119,952474
CVE References: CVE-2015-7995,CVE-2015-9019,CVE-2016-4738,CVE-2017-5029
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Server 12-SP2 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Server 12-SP1 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libxslt-1.1.28-16.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libxslt-1.1.28-16.1
Comment 7 Swamp Workflow Management 2017-05-23 19:15:46 UTC
openSUSE-SU-2017:1390-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005591,1035905,934119,952474
CVE References: CVE-2015-7995,CVE-2015-9019,CVE-2016-4738,CVE-2017-5029
Sources used:
openSUSE Leap 42.2 (src):    libxslt-1.1.28-10.3.1, libxslt-python-1.1.28-10.3.1
Comment 8 Marcus Meissner 2017-10-25 19:38:50 UTC
released