Bug 1384424 (CVE-2016-4658)

Summary: CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: athmanem, c.david86, cwarfiel, dking, dmoppert, ekirby, erik-fedora, fedora-mingw, gferrazs, huzaifas, jimhart, ktietz, mm00341408, ohudlick, ravpatil, rh-spice-bugs, rjones, sardella, sbalasub, slawomir, veillard, ytale
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: libxml2 2.9.5
Doc Text:
A use-after-free flaw was found in the XPointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak a small amount of memory data.
Last Closed: 2018-02-26 05:00:17 UTC
Bug Depends On: 1384427, 1384429, 1384430, 1548946, 1695386, 1966916    
Bug Blocks: 1384433    

Description Adam Mariš 2016-10-13 09:21:10 UTC
Possible use after free vulnerability via namespace nodes in XPointer ranges was found.

Upstream patch:

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

Comment 1 Adam Mariš 2016-10-13 09:24:00 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1384427]

Comment 2 Adam Mariš 2016-10-13 09:24:09 UTC
Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1384429]
Affects: epel-7 [bug 1384430]

Comment 5 Maumita Mandal 2017-03-24 11:43:09 UTC
(In reply to Adam Mariš from comment #0)
> Possible use after free vulnerability via namespace nodes in XPointer ranges
> was found.
> 
> Upstream patch:
> 
> https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

Hello Adam,

We have been monitoring the URL ftp://xmlsoft.org/libxml2/ for the latest release of the official patch of libxml2 containing the patches for the bugs associated with CVE-2016-4658, CVE-2016-9318 and CVE-2016-9597, but have observed that no binary files have been released yet.

From the URL http://rpmfind.net/linux/RPM/opensuse/updates/leap/42.2/oss/src/libxml2-2.9.4-3.1.src.html we found that an RPM file has been released, but as our requirement is a binary version we can't go for the RPM version.

Could you kindly confirm the ETA for the release of the official libxml2 2.9.4-3.1 binary package containing all the above-mentioned patches?

Kind regards,
Maumita Mandal

Comment 6 Jim Hart 2017-08-09 20:31:50 UTC
Is this still being considered for a fix?  Please let me know.

Comment 24 errata-xmlrpc 2021-10-12 15:31:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3810 https://access.redhat.com/errata/RHSA-2021:3810

Comment 25 Red Hat Bugzilla 2023-09-15 00:00:16 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days