Bug 1149084 (CVE-2014-3660) - CVE-2014-3660 libxml2: denial of service via recursive entity expansion
Summary: CVE-2014-3660 libxml2: denial of service via recursive entity expansion
Status: CLOSED ERRATA
Alias: CVE-2014-3660
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141016,repor...
Keywords: Security
Depends On: 1149085 1149086 1149087 1149088 1161841
Blocks: 1149089
TreeView+ depends on / blocked
 
Reported: 2014-10-03 08:05 UTC by David Jorm
Modified: 2019-06-08 20:12 UTC (History)
11 users (show)

(edit)
A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.
Clone Of:
: 1161841 (view as bug list)
(edit)
Last Closed: 2014-11-20 19:09:53 UTC


Attachments (Terms of Use)
Proposed upstream patch (4.29 KB, patch)
2014-10-07 05:26 UTC, Huzaifa S. Sidhpurwala
no flags Details | Diff
Patch for RHEL-7 (4.56 KB, patch)
2014-10-13 01:53 UTC, Daniel Veillard
no flags Details | Diff
Patch for RHEL-6 (4.56 KB, patch)
2014-10-13 02:56 UTC, Daniel Veillard
no flags Details | Diff
Patch for RHEL-5 (3.82 KB, patch)
2014-10-13 02:58 UTC, Daniel Veillard
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1655 normal SHIPPED_LIVE Moderate: libxml2 security update 2014-10-16 21:49:06 UTC
Red Hat Product Errata RHSA-2014:1885 normal SHIPPED_LIVE Moderate: libxml2 security update 2014-11-20 23:51:48 UTC

Description David Jorm 2014-10-03 08:05:58 UTC
IssueDescription:

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

Comment 3 Huzaifa S. Sidhpurwala 2014-10-07 05:26:29 UTC
Created attachment 944444 [details]
Proposed upstream patch

Comment 4 Daniel Veillard 2014-10-13 01:53:07 UTC
Created attachment 946196 [details]
Patch for RHEL-7

Comment 5 Daniel Veillard 2014-10-13 02:56:31 UTC
Created attachment 946225 [details]
Patch for RHEL-6

Comment 6 Daniel Veillard 2014-10-13 02:58:07 UTC
Created attachment 946226 [details]
Patch for RHEL-5

This one was actually quite harder to come by, the backport required intimate knowledge of library internals.

Comment 8 errata-xmlrpc 2014-10-16 17:49:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2014:1655 https://rhn.redhat.com/errata/RHSA-2014-1655.html

Comment 9 Fedora Update System 2014-10-18 16:58:16 UTC
libxml2-2.9.1-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Finke Lamein 2014-10-23 07:44:52 UTC
Just wondering, will the RHEL5 patch hit the repositories soon?

Comment 13 Fedora Update System 2014-11-01 17:15:28 UTC
libxml2-2.9.1-6.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 errata-xmlrpc 2014-11-20 18:52:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1885 https://rhn.redhat.com/errata/RHSA-2014-1885.html

Comment 16 Fedora Update System 2014-11-22 12:42:33 UTC
libxml2-2.9.1-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.