Date: Wed, 19 Nov 2008 23:41:01 +0300 (MSK) From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/128998: [vuxml] document vulnerabilities in textproc/libxml2 Message-ID: <20081119204101.5FBD7F181F@phoenix.codelabs.ru> Resent-Message-ID: <200811192050.mAJKo2AT055550@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128998 >Category: ports >Synopsis: [vuxml] document vulnerabilities in textproc/libxml2 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Nov 19 20:50:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: Code Labs >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: The fix for the CVE-2008-4225 and CVE-2008-4226 was commited to the textproc/libxml2 just an hour ago, but vulnerabilities seem to be left undocumented. At least I was not able to find the corresponding PR and reporting channels are not clear from the commit comment. >How-To-Repeat: http://secunia.com/Advisories/32773/ http://www.freebsd.org/cgi/cvsweb.cgi/ports/textproc/libxml2/Makefile >Fix: The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- <vuln vid="unknown"> <topic>libxml2 -- two integer overflow vulnerabilities</topic> <affects> <package> <name>libxml2</name> <range><lt>2.6.32_2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>Secunia reports:</p> <blockquote cite="http://secunia.com/Advisories/32773/">; <p>Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a Denial of Service or to potentially compromise an application using the library.</p> <ol> <li>An integer overflow error in the “xmlSAX2Characters()” function can be exploited to trigger a memory corruption via a specially crafted XML file. Successful exploitation may allow execution of arbitrary code, but requires e.g. that the user is tricked into processing an overly large XML file (2GB or more).</li> <li>An integer overflow error in the “xmlBufferResize()” function can be exploited to trigger the execution of an infinite loop.</li> </ol> </blockquote> </body> </description> <references> <cvename>CVE-2008-4225</cvename> <cvename>CVE-2008-4226</cvename> <url>http://secunia.com/Advisories/32773/</url>; <url>https://bugzilla.redhat.com/show_bug.cgi?id=470466</url>; <url>https://bugzilla.redhat.com/show_bug.cgi?id=470480</url>; </references> <dates> <discovery>2008-11-07</discovery> </dates> </vuln> --- vuln.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081119204101.5FBD7F181F>