Bug 769184 - (CVE-2012-2807) VUL-0: CVE-2012-2807: libxml2: integer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/47484/
maint:running:48073:important maint:r...
Reported: 2012-06-28 08:37 UTC by Ludwig Nussel
Modified: 2020-11-16 07:50 UTC
Found By: Other
Attachments
PoC (4.23 KB, application/xhtml+xml)
2012-08-30 20:25 UTC, Vítězslav Čížek

Description Ludwig Nussel 2012-06-28 08:37:12 UTC
Your friendly security team received the following report via security@suse.de.
Please respond ASAP.
The issue is public.

======================================================
Name: CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.


Reference: CONFIRM: http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=129930


git commit referring to the bug report:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb
Comment 1 Vítězslav Čížek 2012-06-28 12:40:45 UTC
Packages for SLE submitted.
Comment 3 Swamp Workflow Management 2012-06-28 12:59:24 UTC
The SWAMPID for this issue is 48073.
This issue was rated as important.
Please submit fixed packages until 2012-07-05.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2012-06-28 22:00:27 UTC
bugbot adjusting priority
Comment 5 Ludwig Nussel 2012-06-29 06:23:30 UTC
Daniel Veillard plans to develop a better solution for upstream next week
Comment 6 Marcus Meissner 2012-07-04 12:37:04 UTC
I have adjusted the submission date towards next week.
Comment 7 Marcus Meissner 2012-07-10 11:29:03 UTC
Any news?
Comment 8 Vítězslav Čížek 2012-07-10 11:37:47 UTC
Unfortunately there's no upstream commit yet.
Comment 9 Marcus Meissner 2012-07-10 11:56:37 UTC
I pushed the deadline back another week.
Comment 10 Marcus Meissner 2012-07-16 07:25:43 UTC
Canceled the swamp to wait for a fix ...

Any news?
Comment 11 Vítězslav Čížek 2012-07-16 13:02:19 UTC
Still no fix :-(
Comment 12 Vítězslav Čížek 2012-07-18 11:42:34 UTC
Upstream patch finally out:

https://bugzilla.redhat.com/show_bug.cgi?id=835863#c4
Comment 13 Swamp Workflow Management 2012-07-18 12:16:08 UTC
The SWAMPID for this issue is 48354.
This issue was rated as moderate.
Please submit fixed packages until 2012-08-01.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 14 Marcus Meissner 2012-07-18 19:20:15 UTC
You just submitted sle11 sp1?

Is the sle10 codebase affected?
Comment 16 Vítězslav Čížek 2012-08-02 11:52:44 UTC
openSUSE packages submitted
Comment 17 Swamp Workflow Management 2012-08-09 15:08:41 UTC
openSUSE-SU-2012:0975-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 769184
CVE References: CVE-2012-2807
Sources used:
openSUSE 12.1 (src):    libxml2-2.7.8+git20110708-3.11.1
openSUSE 11.4 (src):    libxml2-2.7.8-34.1
Comment 18 Bernhard Wiedemann 2012-08-27 16:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (769184) was mentioned in
https://build.opensuse.org/request/show/131786 Evergreen:11.2 / libxml2
Comment 19 Bernhard Wiedemann 2012-08-28 11:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (769184) was mentioned in
https://build.opensuse.org/request/show/131845 Evergreen:11.2 / libxml2
Comment 20 Vítězslav Čížek 2012-08-30 20:25:40 UTC
Created attachment 504102
PoC

Taken from here:
https://code.google.com/p/chromium/issues/detail?id=107128
Comment 21 Marcus Meissner 2012-09-06 11:31:21 UTC
Released.
Comment 22 Swamp Workflow Management 2012-09-06 12:09:30 UTC
Update released for: libxml2, libxml2-devel
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 23 Swamp Workflow Management 2012-09-06 12:09:51 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 24 Swamp Workflow Management 2012-09-06 17:05:36 UTC
Update released for: libxml2, libxml2-32bit, libxml2-64bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-devel-64bit, libxml2-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 25 Swamp Workflow Management 2013-10-15 08:51:56 UTC
The SWAMPID for this issue is 54710.
This issue was rated as important.
Please submit fixed packages until 2013-10-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 26 Swamp Workflow Management 2013-11-04 12:51:44 UTC
Update released for: libxml2, libxml2-32bit, libxml2-debuginfo, libxml2-devel, libxml2-devel-32bit, libxml2-python, libxml2-python-debuginfo, libxml2-test
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)