Bug 1140101 - (CVE-2019-13118) VUL-1: CVE-2019-13118: libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character
(CVE-2019-13118)
VUL-1: CVE-2019-13118: libxslt: read of uninitialized stack data due to too n...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/235950/
CVSSv3:SUSE:CVE-2019-13118:3.3:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-02 14:16 UTC by Alexandros Toptsoglou
Modified: 2020-09-08 11:00 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-07-02 14:16:00 UTC
CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an
xsl:number instruction was too narrow and an invalid character/length
combination could be passed to xsltNumberFormatDecimal, leading to a read of
uninitialized stack data.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13118
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13118.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
https://oss-fuzz.com/testcase-detail/5197371471822848
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
Comment 1 Alexandros Toptsoglou 2019-07-02 14:16:47 UTC
All codestreams are affected. The fix is in commit [1] 

[1]  https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
Comment 3 Pedro Monreal Gonzalez 2019-07-03 11:30:09 UTC
Factory submission:
https://build.opensuse.org/request/show/713209
Comment 5 Swamp Workflow Management 2019-07-17 16:14:52 UTC
SUSE-SU-2019:1867-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1140095,1140101
CVE References: CVE-2019-13117,CVE-2019-13118
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libxslt-1.1.28-17.6.1
SUSE Linux Enterprise Server 12-SP4 (src):    libxslt-1.1.28-17.6.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libxslt-1.1.28-17.6.1
SUSE CaaS Platform 3.0 (src):    libxslt-1.1.28-17.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-07-18 13:05:27 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2019-08-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64329
Comment 8 Swamp Workflow Management 2020-05-25 19:16:11 UTC
SUSE-SU-2020:1409-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1140095,1140101,1154609
CVE References: CVE-2019-13117,CVE-2019-13118,CVE-2019-18197
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libxslt-1.1.32-3.8.24

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-05-28 22:14:22 UTC
openSUSE-SU-2020:0731-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1140095,1140101,1154609
CVE References: CVE-2019-13117,CVE-2019-13118,CVE-2019-18197
Sources used:
openSUSE Leap 15.1 (src):    libxslt-1.1.32-lp151.3.6.1, libxslt-python-1.1.32-lp151.3.6.1