Bug 1310699 (CVE-2016-2099)
Summary: | CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | abhgupta, aortega, avagarwa, bhu, dmcphers, esammons, iboverma, jialiu, jokerman, jross, kpalko, kseifried, lmeyer, matt, mcressma, mmccomas, rrajasek, sardella, security-response-team, tiwillia, williams | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | xerces-c 3.2.0, xerces-c 3.1.4 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2017-07-04 12:29:24 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 1334686, 1334687, 1334688, 1334689 | ||||||||
Bug Blocks: | 1310741 | ||||||||
Attachments: |
|
Description
Adam Mariš
2016-02-22 14:35:39 UTC
Created attachment 1129358 [details]
Backtrace report
Upstream bug: https://issues.apache.org/jira/browse/XERCESC-2066 "The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object." Created mingw-xerces-c tracking bugs for this issue: Affects: fedora-all [bug 1334687] Created xerces-c tracking bugs for this issue: Affects: fedora-all [bug 1334686] Affects: epel-6 [bug 1334689] Created xerces-c27 tracking bugs for this issue: Affects: fedora-all [bug 1334688] xerces-c-3.1.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. mingw-xerces-c-3.1.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. mingw-xerces-c-3.1.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. xerces-c-3.1.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. mingw-xerces-c-3.1.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. xerces-c-3.1.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. Created attachment 1294178 [details]
Patch from upstream bug
Acknowledgments: Name: Gustavo Grieco Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. |