Bugzilla – Bug 661471
VUL-0: libxml2: double free in Xpath processing
Last modified: 2019-09-25 15:55:50 UTC
Hi.
There is a security bug in package 'libxml2'.
This bug is public.
There is no coordinated release date (CRD) set.
More information can be found here: http://www.debian.org/security/
CVE number: CVE-2010-4494
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494

Note: This issue seems to be different from bnc#648277

Original posting:

---------- Forwarded message ----------
Subject: [Full-disclosure] [SECURITY] [DSA 2137-1] Security update for libxml2
Date: Sunday 26 December 2010
From: Moritz Muehlenhoff <jmm@debian.org>
To: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2137-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 26, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-4494

Yang Dingning discovered a double free in libxml's Xpath processing,
which might allow the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), this problem has been fixed in version 2.7.8.dfsg-2.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0XYvAACgkQXm3vHE4uyloCnQCghdYhczRUmuYXO8jjz/hWd6mk
vBIAmwbh5Ri+mtQB7TrqyGs+oZTBw3gL
=YRUn
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-------------------------------------------------------------

--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
Submitted to

OBS:
- Factory : sr#56998
- 11.1 : sr#57003
- 11.2 : sr#57002
- 11.3 : sr#57001

IBS:
- SLE11-SP1 : sr#9907

[SLE10 and earlier are not affected.]
The SWAMPID for this issue is 38020. This issue was rated as moderate. Please submit fixed packages until 2011-01-18. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
BTW, does this also include patch for planned update for bnc#635119?
(In reply to comment #3)
> BTW, does this also include patch for planned update for
> bnc#635119?

Oops, no; I'll add it and resubmit.
This is only a re-submit for SLE11-SP1, right? So I don't need to resubmit box PI's.
(In reply to comment #5)
> This is only a re-submit for SLE11-SP1 right?

Yes, I will resubmit only for SLE11-SP1.

> So I dont need to resubmit box PI's.

Sorry, I don't know what "box PI's" mean.
Resubmitted as sr#9930
Update released for: libxml2, libxml2-debuginfo, libxml2-debuginfo-32bit, libxml2-debuginfo-x86, libxml2-debugsource, libxml2-devel, libxml2-doc
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
released
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-debuginfo-32bit, libxml2-debuginfo-64bit, libxml2-debuginfo-x86, libxml2-debugsource, libxml2-devel, libxml2-devel-32bit, libxml2-doc, libxml2-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)