Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 116572 - libxml2 ftp and http fetch had a bound checking error
libxml2 ftp and http fetch had a bound checking error
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: libxml2 (Show other bugs)
2.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Veillard
: Security
Depends On:
Blocks: CVE-2004-0110
  Show dependency treegraph
 
Reported: 2004-02-23 07:31 EST by Daniel Veillard
Modified: 2008-01-29 04:54 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-03-08 10:34:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
This patch fix the problem on 2.6.5 (6.23 KB, patch)
2004-02-23 07:33 EST, Daniel Veillard 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Daniel Veillard 2004-02-23 07:31:45 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
When fetching a remote resource via ftp and http
libxml2 use special parsing routines which had a buffer
overflow problem if passed a URL more than 4Kb.
This is a potential security issue covering all libxml2
releases up to 2.6.5 and fixed in 2.6.6

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1./usr/bin/xmllint http://`perl -e 'print "A" x 5000'`
2.
3.
    

Actual Results:  segfaults

Expected Results:  should not segfault

Additional info:

This covers RHEL 2.1, RHL9, RHEL 3 and FC1 <grin/>
Comment 1 Daniel Veillard 2004-02-23 07:33:30 EST 
Created attachment 97942 [details]
This patch fix the problem on 2.6.5
Comment 2 Daniel Veillard 2004-02-23 07:35:51 EST 
Best processing seems to:
  - apply the patch for RHEL 2.1 and 3
  - push 2.6.6 or 2.6.7 as a fedora core 1 update
  - for RHL9 applying the patch is probably the simplest.

Daniel
Comment 4 Mark J. Cox 2004-02-24 04:38:10 EST 
RHSA-2004:090 (RHEL) and RHSA-2004:091 (RHL9) in progress.
Comment 5 Mark J. Cox 2004-03-08 10:34:08 EST 
was released 2004-02-26
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.