Bug 470480 (CVE-2008-4225)

Summary: CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: bressers, kreilly, veillard
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: reported=20081103,public=20081117,source=vendorsec,impact=moderate,cwe=CWE-190[auto]
Doc Type: Bug Fix
Last Closed: 2008-11-26 03:07:24 EST
Bug Depends On: 470469, 470470, 470472, 470473, 470474, 470475
Attachments: Proposed patch from Drew Yao (flags: none)

Description Jan Lieskovsky 2008-11-07 06:50:24 EST
Created attachment 322846
Proposed patch from Drew Yao

Description of problem:

Drew Yao of Apple Product Security has reported an integer overflow
present in the xmlBufferResize function in the libxml2 library, potentially
leading to an infinite loop. A user could provide a very large XML file
for parsing to the XML parsing library, which could allow him to
cause a denial of service.

Proposed patch: See attachment.

Acknowledgements:

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
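
The failure mode described above, as an added example that is not libxml2's source and not the attached patch: a simplified model of a resize routine that grows an unsigned size by doubling, shown unchecked and with an overflow check. The function names, the starting sizes and the STEP_LIMIT guard are assumptions made for the demonstration.

```c
#include <limits.h>
#include <stdio.h>

#define STEP_LIMIT 64 /* constructed guard so this demo always terminates */

/* Unchecked doubling. Returns the grown size, or 0 when the loop was still
 * spinning after STEP_LIMIT steps, i.e. it would never have terminated. */
unsigned int grow_unchecked(unsigned int cur, unsigned int want)
{
    unsigned int new_size = cur ? cur * 2 : want + 10;
    int steps = 0;

    while (want > new_size) {
        if (++steps > STEP_LIMIT)
            return 0;      /* new_size wrapped to 0, and 0 * 2 stays 0 */
        new_size *= 2;     /* unsigned arithmetic wraps silently */
    }
    return new_size;
}

/* Checked doubling. Returns 0 and stores the size, or -1 when the next
 * step would not fit in an unsigned int. */
int grow_checked(unsigned int cur, unsigned int want, unsigned int *out)
{
    unsigned int new_size;

    if (cur > UINT_MAX / 2 || (cur == 0 && want > UINT_MAX - 10))
        return -1;
    new_size = cur ? cur * 2 : want + 10;
    while (want > new_size) {
        if (new_size > UINT_MAX / 2)
            return -1;     /* refuse instead of wrapping */
        new_size *= 2;
    }
    *out = new_size;
    return 0;
}

int main(void)
{
    unsigned int out = 0;

    printf("unchecked, want=10000:    %u\n", grow_unchecked(4096u, 10000u));
    printf("unchecked, want=UINT_MAX: %u (0 = no termination)\n",
           grow_unchecked(4096u, UINT_MAX));
    printf("checked,   want=UINT_MAX: %d\n", grow_checked(4096u, UINT_MAX, &out));
    return 0;
}
```

Without the step guard, the unchecked loop spins forever once the requested size exceeds the largest power-of-two multiple of the current size that fits in an unsigned int.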
Comment 3 Jan Lieskovsky 2008-11-07 07:02:30 EST
This issue affects all versions of the libxml2 package, as shipped with
Red Hat Enterprise Linux 2.1, 3, 4 or 5.

This issue affects all versions of the libxml2 package, as shipped with
Fedora release of 8, 9 or 10.
Comment 6 Daniel Veillard 2008-11-12 09:49:36 EST
The patch looks fine, though it gets really hard to reproduce and test,

Daniel
Comment 8 Josh Bressers 2008-11-17 10:50:34 EST
Lifting embargo
Comment 9 Fedora Update System 2008-11-17 11:55:55 EST
libxml2-2.7.2-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9
Comment 10 Fedora Update System 2008-11-17 11:57:00 EST
libxml2-2.7.2-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10
Comment 11 Fedora Update System 2008-11-19 09:50:56 EST
libxml2-2.7.2-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2008-11-19 09:55:33 EST
libxml2-2.7.2-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-11-22 11:50:39 EST
libxml2-2.7.2-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.