Bug 1770768 (CVE-2019-18197)
| Summary: | CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | apevec, dbecker, devrim, dking, erack, erik-fedora, hvyas, jjelen, jjoyce, jschluet, kbasil, klember, lhh, lpeer, mburns, mcatanza, puebele, rhos-maint, rjones, sclewis, sisharma, slinaber, tpopela, tvainio, vbellur, veillard |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libxslt 1.1.34 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-02-17 14:09:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1770770, 1770771, 1770772, 1770773, 1770774, 1771944, 1775516, 1775517, 1801837, 1921200, 1921201, 1921202 | ||
| Bug Blocks: | 1770769 | ||
|
Description
Dhananjay Arunesh
2019-11-11 10:18:52 UTC
Created libxslt tracking bugs for this issue: Affects: fedora-all [bug 1770770] Created mingw-libxslt tracking bugs for this issue: Affects: epel-7 [bug 1770772] Created libxslt tracking bugs for this issue: Affects: fedora-all [bug 1770773] Created mingw-libxslt tracking bugs for this issue: Affects: fedora-all [bug 1770774] This is basically a use-after-free error that only happened when a node's text content was freed and the same memory area was reused for another node's text content. In glibc's memory allocator it causes either use-of-uninitialized-value or causes an abort. Statement: Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux Operating System. Therefore the libxslt package provided by Red Hat OpenStack has been marked as 'will not fix'. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0514 https://access.redhat.com/errata/RHSA-2020:0514 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18197 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4005 https://access.redhat.com/errata/RHSA-2020:4005 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4464 https://access.redhat.com/errata/RHSA-2020:4464 |