Bug 458086 (CVE-2008-3281)
| Summary: | CVE-2008-3281 libxml2 denial of service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Red Hat Product Security <security-response-team> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bressers, kreilly, ohudlick, security-response-team, veillard |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3281 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-03-26 18:15:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 458091, 458092, 458093, 458094, 458095, 458096, 459712, 459713, 459714 | ||
| Bug Blocks: | |||
|
Description
Red Hat Product Security
2008-08-06 13:59:19 UTC
I was mistaken, Andreas Solberg is the discoverer of this flaw. Public now via: http://mail.gnome.org/archives/xml/2008-August/msg00034.html libxml2-2.6.32-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. libxml2-2.6.32-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. It seems that it introduces some issues with createrepo command (which uses libxml2-python and libxml2). Sometimes the changelog entries of packages contain "<" and/or ">" symbols. For example, a fragment of the changelog of "k3b" package: > * Wed Oct 6 02:00:00 2004 Harald Hoyer <harald> 0:0.11.17-1 > - version 0.11.17 > - revert the dao -> tao change > - add the suid feature to every app automatically note the "->" in the line: > - revert the dao -> tao change When I create my local repodata ("cd somewhere; createrepo ."), the correspond fragment appears in the "repodata/other.xml.gz" file, in the form of: > - revert the dao -> tao change Then, when I update my repodata by "createrepo --update .", I receive an error: > Scanning old repo data > Indexed 2997 base nodes > Indexed 3001 filelist nodes > /var/ftp/.4/fedora-8/fedora/i386/./repodata/other.xml.gz:118813: parser error : Detected an entity reference loop > - revert the dao -> tao change > ^ > Traceback (most recent call last): > File "/usr/share/createrepo/genpkgmetadata.py", line 722, in <module> > main(sys.argv[1:]) > File "/usr/share/createrepo/genpkgmetadata.py", line 645, in main > mdgen.doPkgMetadata(directory) > File "/usr/share/createrepo/genpkgmetadata.py", line 161, in doPkgMetadata > basefile, flfile, otherfile, opts) > File "/usr/share/createrepo/readMetadata.py", line 41, in __init__ > self.scan() > File "/usr/share/createrepo/readMetadata.py", line 64, in scan > root = libxml2.parseFile(self.files['other']).getRootElement() > File "/usr/lib/python2.5/site-packages/libxml2.py", line 1279, in parseFile > if ret is None:raise parserError('xmlParseFile() failed') > libxml2.parserError: xmlParseFile() failed IOW, the initial "full" createrepo run seems OK, the subsequent run with "--update" is failed. Any comments? Forget, the latest libxml2-2.7.1 has no such an issue... w.r.t. comment #21 the first fix had that problem, we pushed other updates using a different fix without that problem later. 2.7.x fixes it too Daniel This was fixed in RHEL 2.1, 3, 4, and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0836.html |