Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1281862 - (CVE-2015-7497) CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20151201,repor...
: Security
Depends On: 1284794 1286495 1286496 1286497 1322879
Blocks: 1274223 1281960 1318206
  Show dependency treegraph
 
Reported: 2015-11-13 11:05 EST by Adam Mariš
Modified: 2017-03-08 02:37 EST (History)
17 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch (442 bytes, patch)
2015-11-13 11:05 EST, Adam Mariš 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2549 normal SHIPPED_LIVE Moderate: libxml2 security update 2015-12-07 10:13:44 EST
Red Hat Product Errata RHSA-2015:2550 normal SHIPPED_LIVE Moderate: libxml2 security update 2015-12-07 11:59:33 EST
Red Hat Product Errata RHSA-2016:1089 normal SHIPPED_LIVE Moderate: Red Hat JBoss Web Server 3.0.3 security update 2016-05-17 16:12:21 EDT

  None (edit)
Description Adam Mariš 2015-11-13 11:05:07 EST 
A heap-based buffer overflow vulnerability was found in xmlDictComputeFastQKey in dict.c.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=756528
Comment 1 Adam Mariš 2015-11-13 11:05 EST 
Created attachment 1093719 [details]
Proposed patch
Comment 3 Adam Mariš 2015-11-16 09:04:13 EST 
Acknowledgments:

Name: the GNOME project
Upstream: Kostya Serebryany
Comment 7 Huzaifa S. Sidhpurwala 2015-12-01 04:53:32 EST 
Upstream commit:

https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9
Comment 8 errata-xmlrpc 2015-12-07 05:14:30 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
Comment 9 errata-xmlrpc 2015-12-07 07:00:33 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
Comment 13 errata-xmlrpc 2016-05-17 12:14:10 EDT 
This issue has been addressed in the following products:



Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.