Bug 1716454 (CVE-2016-4608)

Summary: CVE-2016-4608 libxslt: stack-based buffer overflow at exsltDateFormat()
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apevec, dking, erik-fedora, igor.raits, jjoyce, jschluet, klember, lhh, lpeer, mburns, rjones, sclewis, sisharma, slinaber, veillard
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libxslt 1.1.29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-27 03:29:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1716458, 1716459, 1718329, 1725531    
Bug Blocks: 1714985    

Description Dhananjay Arunesh 2019-06-03 14:33:02 UTC 
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on
Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before
2.2.2 allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, a different
vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and
CVE-2016-4612.

Reference:
http://seclists.org/oss-sec/2017/q2/385
Comment 1 Dhananjay Arunesh 2019-06-03 14:34:56 UTC 
Created libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1716458]


Created mingw-libxslt tracking bugs for this issue:

Affects: fedora-all [bug 1716459]
Comment 3 Marco Benatto 2019-06-07 13:30:59 UTC 
Upstream patch for this issue:
https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7
Comment 7 Marco Benatto 2019-06-12 13:10:53 UTC 
Statement:

Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.

This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5, 6 and 7 and was rated as having Moderated security impact by the Red Hat Product Security.
An eventual update for Red Hat Enterprise Linux 7 may address this issue.

Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Comment 9 Marco Benatto 2019-06-12 13:32:28 UTC 
Using date:add function with long year values on a XSL file on top of 64-bits systems causes a stack-based buffer overflow on libxsl exsltDateFormat()
function. The overflow happens as 64 bits platforms may support longer year values than the length expected by the internal buffer used on date add calculation. This bug causes memory corruption, which may lead to unexpected behavior.