Bug 1393780 (CVE-2016-1841)

Summary: CVE-2016-1841 libxslt: Use after free in xsltDocumentFunctionLoadDocument
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aortega, apevec, ayoung, bhu, chrisw, cvsbot-xmlrpc, erik-fedora, esammons, gmollett, iboverma, jross, jschluet, kbasil, lhh, lpeer, markmc, matt, mcressma, mrg-program-list, rbryant, rhos-maint, rhs-bugs, rjones, sclewis, sgirijan, sisharma, smohan, ssaha, storage-qa-internal, tdecacqu, vbellur, veillard, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-13 03:22:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1393782, 1393783, 1393784    
Bug Blocks: 1393786    

Description Adam Mariš 2016-11-10 10:37:19 UTC 
A use after free vulnerability was found in xsltDocumentFunctionLoadDocument that can be triggered via crafted XML document.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=758291

Upstream patch:

https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
Comment 1 Adam Mariš 2016-11-10 10:43:20 UTC 
Created libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1393782]
Comment 2 Adam Mariš 2016-11-10 10:43:39 UTC 
Created mingw-libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1393783]
Affects: epel-7 [bug 1393784]