Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content. This was due to an error in how buffer space is created and modified when handling large amounts of XML data. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

External Reference:
http://www.mozilla.org/security/announce/2015/mfsa2015-54.html

Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ucha Gobejishvili as the original reporter.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5
Via RHSA-2015:0988 https://rhn.redhat.com/errata/RHSA-2015-0988.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
Via RHSA-2015:1012 https://rhn.redhat.com/errata/RHSA-2015-1012.html
Created expat tracking bugs for this issue:
Affects: fedora-all [bug 1232574]
The following patch was applied by Mozilla to fix this issue: https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
Statement:
This issue affects the version of the expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact; a future update may address this flaw. Red Hat Enterprise Linux 5 is now in the Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.
expat upstream bug:
https://sourceforge.net/p/expat/bugs/505/

expat upstream commits:
2.1.1: https://github.com/libexpat/libexpat/commit/ba0f9c3b40c264b8dd392e02a7a060a8fa54f032
2.2.0: https://github.com/libexpat/libexpat/commit/f0bec73b018caa07d3e75ec8dd967f3785d71bde
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2020:1011 https://access.redhat.com/errata/RHSA-2020:1011
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2015-2716
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.7 Extended Update Support
Via RHSA-2020:2508 https://access.redhat.com/errata/RHSA-2020:2508