Bug 927386 (CVE-2012-6139)

Summary: CVE-2012-6139 libxslt: two DoS issues fixed in 1.1.28
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ago, carnil, erik-fedora, jlieskov, ktietz, rjones, seceng-idm-qe-list, veillard
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libxslt 1.1.28 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-22 14:54:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 927580, 927945    
Bug Blocks: 927392    

Description Vincent Danen 2013-03-25 19:58:14 UTC 
It was reported [1] that libxlst would crash with a segfault when proessing XML files with an empty xls:key/@match attribute.

This has been fixed in version 1.1.28 [2].

[1] https://bugzilla.gnome.org/show_bug.cgi?id=685328
[2] https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
Comment 1 Agostino Sarubbo 2013-03-25 20:40:29 UTC 
CVE-2012-6139 has been assigned http://www.openwall.com/lists/oss-security/2013/03/25/10
Comment 2 Vincent Danen 2013-03-25 20:46:46 UTC 
*** Bug 927388 has been marked as a duplicate of this bug. ***
Comment 3 Vincent Danen 2013-03-25 20:47:33 UTC 
The following issue was merged with this one under one CVE:

It was reported [1] that libxlst would crash with a segfault due to a read near NULL occurring in xsltDocumentFunction() when an uninitialized variable is used as a parameter to the document() function.

This has been fixed in version 1.1.28 [2].

[1] https://bugzilla.gnome.org/show_bug.cgi?id=685330
[2] https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
Comment 4 Jan Lieskovsky 2013-03-26 09:26:52 UTC 
This issue affects the versions of the libxslt package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Comment 5 Jan Lieskovsky 2013-03-26 09:28:00 UTC 
Created libxslt tracking bugs for this issue

Affects: fedora-all [bug 927580]
Comment 6 Vincent Danen 2013-03-26 14:41:56 UTC 
Created mingw-libxslt tracking bugs for this issue

Affects: fedora-all [bug 927945]
Comment 8 Erik van Pienbroek 2013-03-27 14:31:15 UTC 
(In reply to comment #6)
> Created mingw-libxslt tracking bugs for this issue
> 
> Affects: fedora-all [bug 927945]

The package mingw-libxslt is already at version 1.1.28 in all supported Fedora branches, so it shouldn't be affected if I'm correct
Comment 9 Vincent Danen 2015-08-22 14:53:48 UTC 
Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.