Bug 673101 (CVE-2010-4657)

Summary: CVE-2010-4657 php: XMLWriter information leak
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: fedora, jlieskov, jorton, veillard, wnefal+redhatbugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-11 21:04:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2011-01-27 12:52:57 UTC 
Kees Cook reported an information leak flaw in the PHP's XMLWriter, triggered by an invalid UTF-8 string passed to the writeAttribute method:

  http://thread.gmane.org/gmane.comp.security.oss.general/4122
  http://bugs.php.net/bug.php?id=52998
  https://bugzilla.gnome.org/show_bug.cgi?id=631551

In the initial report, it was unclear if this is PHP or libxml2 flaw.  libxml2 upstream author's reply in the gnome bugzilla bug suggests this issue needs to be addressed in PHP, as the libxml2 API requires input to be valid UTF-8 and \0 terminated string.
Comment 1 Tomas Hoger 2011-01-27 12:55:34 UTC 
Testing with the reproducer in upstream PHP bug, this is reproducible with PHP 5.3 packages in RHEL-6 (php) and RHEL-5 (php53).  No visible leak on php (5.1.6) packages in RHEL-5.  XMLWriter was introduced in 5.1.2, hence RHEL-4 php is unaffected.
Comment 5 Product Security DevOps Team 2021-06-11 21:04:24 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2010-4657