Bug 470480 (CVE-2008-4225)
| Summary: | CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | bressers, kreilly, veillard | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-11-26 08:07:24 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 470469, 470470, 470472, 470473, 470474, 470475 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
This issue affects all versions of the libxml2 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. This issue affects all versions of the libxml2 package, as shipped with Fedora release of 8, 9 or 10. The patch looks fine, though it gets really hard to reproduce and test, Daniel Lifting embargo libxml2-2.7.2-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9 libxml2-2.7.2-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10 libxml2-2.7.2-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. libxml2-2.7.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. libxml2-2.7.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0988.html Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9729 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9773 https://admin.fedoraproject.org/updates/f10/FEDORA-2008-10038 |
Created attachment 322846 [details] Proposed patch from Drew Yao Description of problem: Drew Yao of Apple Product Security has reported an integer overflow present in xmlBufferResize function in the libxml2 library potentially leading to an infinite loop. User could provide a very large XML file for parsing to the XML parsing library, which could allow him to cause a denial of service. Proposed patch: See attachment. Acknowledgements: Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.