Bug 1005544 - (CVE-2016-4658) VUL-0: CVE-2016-4658: libxml2: Use after free via namespace node in XPointer ranges
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/172958/
CVSSv2:SUSE:CVE-2016-4658:5.1:(AV:N/A...
Reported: 2016-10-19 10:47 UTC by Victor Pereira
Modified: 2021-11-11 14:45 UTC
Found By: Security Response Team
Description Victor Pereira 2016-10-19 10:47:02 UTC
rh#1384424

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Found with afl-fuzz.


References:
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b (upstream commit)
https://bugzilla.redhat.com/show_bug.cgi?id=1384424
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4658
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
Comment 2 Swamp Workflow Management 2016-10-19 22:01:52 UTC
bugbot adjusting priority
Comment 7 Swamp Workflow Management 2016-10-26 12:27:14 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-11-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63155
Comment 8 Andreas Stieger 2016-10-26 12:30:31 UTC
Please submit for openSUSE 13.2
Comment 9 Swamp Workflow Management 2016-10-26 16:24:01 UTC
SUSE-SU-2016:2650-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1005544
CVE References: CVE-2016-4658
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libxml2-2.9.1-26.3.1
SUSE Linux Enterprise Server 12-SP1 (src):    libxml2-2.9.1-26.3.1, python-libxml2-2.9.1-26.3.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libxml2-2.9.1-26.3.1, python-libxml2-2.9.1-26.3.1
Comment 10 Swamp Workflow Management 2016-10-26 16:25:21 UTC
SUSE-SU-2016:2652-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1005544
CVE References: CVE-2016-4658
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libxml2-2.7.6-0.50.1
SUSE Linux Enterprise Server 11-SP4 (src):    libxml2-2.7.6-0.50.1, libxml2-python-2.7.6-0.50.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libxml2-2.7.6-0.50.1, libxml2-python-2.7.6-0.50.4
Comment 11 Bernhard Wiedemann 2016-10-26 22:00:42 UTC
This is an autogenerated message for OBS integration:
This bug (1005544) was mentioned in
https://build.opensuse.org/request/show/437474 13.2 / libxml2
Comment 13 Swamp Workflow Management 2016-11-03 14:07:14 UTC
openSUSE-SU-2016:2711-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1005544
CVE References: CVE-2016-4658
Sources used:
openSUSE Leap 42.1 (src):    libxml2-2.9.1-22.1, python-libxml2-2.9.1-22.1
Comment 14 Swamp Workflow Management 2016-11-04 15:08:33 UTC
openSUSE-SU-2016:2730-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1005544
CVE References: CVE-2016-4658
Sources used:
openSUSE 13.2 (src):    libxml2-2.9.4-7.20.1, python-libxml2-2.9.4-7.20.1
Comment 15 Marcus Meissner 2016-11-17 10:25:41 UTC
sle12 sp2 has a libxml2 fork and might need this update too.
Comment 19 Swamp Workflow Management 2017-02-03 23:12:46 UTC
SUSE-SU-2017:0380-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005544,1010675,1013930,1014873,1017497
CVE References: CVE-2016-4658,CVE-2016-9318,CVE-2016-9597
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libxml2-2.9.4-33.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libxml2-2.9.4-33.1, python-libxml2-2.9.4-33.1
SUSE Linux Enterprise Server 12-SP2 (src):    libxml2-2.9.4-33.1, python-libxml2-2.9.4-33.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libxml2-2.9.4-33.1, python-libxml2-2.9.4-33.1
Comment 20 Swamp Workflow Management 2017-02-11 02:11:07 UTC
openSUSE-SU-2017:0446-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005544,1010675,1013930,1014873,1017497
CVE References: CVE-2016-4658,CVE-2016-9318,CVE-2016-9597
Sources used:
openSUSE Leap 42.2 (src):    libxml2-2.9.4-3.1, python-libxml2-2.9.4-3.1
Comment 21 Pedro Monreal Gonzalez 2017-03-07 12:01:01 UTC
It seems that everything is fixed here. I'm reassigning it to the security-team.

SLE-10-SP3:Update:Test/libxml2	#123492
SLE-11:Update/libxml2		Unnecessary
SLE-11-SP1:Update/libxml2	#123000
SLE-12-SP2:Update/libxml2	#127071
SLE-12:Update/libxml2		#123002

Leap:42.1:Update		Comes from SLE-12
Leap:42.2:Update		Comes from SLE-12-SP2

openSUSE:Factory		#477477
Comment 22 Marcus Meissner 2017-05-16 14:11:57 UTC
all released