Bug 533174 (CVE-2009-3560)
| Summary: | CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bressers, erobertstad, jclere, jorton, kasal, kreilly, lindahl, magoldma, mizdebsk, mmaslano, mnowak, psplicha, security-response-team, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | expat 2.1.0 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-01-22 07:47:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 531706, 531707, 531708, 531710, 531711, 556778, 557829, 557837, 812253, 982566 | ||
| Bug Blocks: | 801654 | ||
|
Description
Jan Lieskovsky
2009-11-05 13:56:40 UTC
Upstream patch (needs further testing): http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 expat-2.0.1-8.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/expat-2.0.1-8.fc12 expat-2.0.1-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/expat-2.0.1-8.fc11 expat-2.0.1-8.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/expat-2.0.1-8.fc10 expat-2.0.1-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. expat-2.0.1-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. expat-2.0.1-8.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Via RHSA-2009:1625 https://rhn.redhat.com/errata/RHSA-2009-1625.html It seems this bug causes a regression: https://bugzilla.novell.com/show_bug.cgi?id=566434 If this causes issues for us, the patch can be found here: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165 We have observed that this new library causes test failures for the CPAN module XML::Parser, so it'd be nice if you fixed it. Hello? In case my last comment wasn't clear: Yes, we have observed the regression; the tests for the CPAN module XML::Parser fail with the updated expat. Please fix the regression. Thanks for the report. I've filed bug 556415 to track the regression. Fedora uses the system expat in in python-2.6.2-6 on F12; higher versions are not vulnerable. With python3, Fedora uses the system expat as well. This issue has been addressed in following products: JBoss Enterprise Web Server 1.0 Via RHSA-2011:0896 https://rhn.redhat.com/errata/RHSA-2011-0896.html Created compat-expat1 tracking bugs for this issue: Affects: fedora-all [bug 982563] (In reply to Jan Lieskovsky from comment #15) > Upstream patch (needs further testing): > http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 The final upstream patch: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166 Upstream bug report: http://sourceforge.net/p/expat/bugs/2894085/ First fixed upstream in version 2.1.0: http://sourceforge.net/projects/expat/files/expat/2.1.0/ Note: This problem only affected applications that set Default Handler for the expat XML parser. |