Bug 1204367 - (CVE-2022-40304) VUL-0: CVE-2022-40304: libxml2: Fix dict corruption caused by entity reference cycles
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/345325/
CVSSv3.1:SUSE:CVE-2022-40304:8.1:(AV:...
Depends on:
Blocks:
Reported: 2022-10-17 09:09 UTC by Robert Frohl
Modified: 2022-12-02 08:56 UTC (History)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Robert Frohl 2022-10-17 09:09:25 UTC
[CVE-2022-40304] Fix dict corruption caused by entity reference cycles

When an entity reference cycle is detected, the entity content is
cleared by setting its first byte to zero. But the entity content might
be allocated from a dict. In this case, the dict entry becomes corrupted
leading to all kinds of logic errors, including memory errors like
double-frees.

Stop storing entity content, orig, ExternalID and SystemID in a dict.
These values are unlikely to occur multiple times in a document, so they
shouldn't have been stored in a dict in the first place.

Thanks to Ned Williamson and Nathan Wachholz working with Google Project
Zero for the report!

https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2
Comment 1 Robert Frohl 2022-10-17 12:38:20 UTC
tracking as affected:

- SUSE:SLE-11-SP1:Update/libxml2
- SUSE:SLE-12-SP2:Update/libxml2
- SUSE:SLE-15:Update/libxml2
- SUSE:SLE-15-SP4:Update/libxml2
Comment 5 David Anes 2022-10-17 13:50:45 UTC
All done. Sending back to security.
Comment 6 OBSbugzilla Bot 2022-10-17 14:15:05 UTC
This is an autogenerated message for OBS integration:
This bug (1204367) was mentioned in
https://build.opensuse.org/request/show/1014116 Factory / libxml2
Comment 7 Swamp Workflow Management 2022-10-21 19:18:50 UTC
SUSE-SU-2022:3692-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1204366,1204367
CVE References: CVE-2022-40303,CVE-2022-40304
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libxml2-2.9.14-150400.5.10.1, libxml2-python-2.9.14-150400.5.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    libxml2-2.9.14-150400.5.10.1, libxml2-python-2.9.14-150400.5.10.1
SUSE Linux Enterprise Micro 5.3 (src):    libxml2-2.9.14-150400.5.10.1, libxml2-python-2.9.14-150400.5.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-10-25 13:27:53 UTC
SUSE-SU-2022:3717-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1201978,1204366,1204367
CVE References: CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE OpenStack Cloud 9 (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libxml2-2.9.4-46.59.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12-SP5 (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libxml2-2.9.4-46.59.2, python-libxml2-2.9.4-46.59.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-11-04 17:28:37 UTC
SUSE-SU-2022:3871-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1201978,1204366,1204367
CVE References: CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
openSUSE Leap 15.4 (src):    python-libxml2-python-2.9.7-150000.3.51.1
openSUSE Leap 15.3 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Manager Server 4.1 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Manager Retail Branch Server 4.1 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Manager Proxy 4.1 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server for SAP 15 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Server 15-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Micro 5.2 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise Micro 5.1 (src):    libxml2-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Enterprise Storage 7 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE Enterprise Storage 6 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1
SUSE CaaS Platform 4.0 (src):    libxml2-2.9.7-150000.3.51.1, python-libxml2-python-2.9.7-150000.3.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.