Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1408305 - (CVE-2016-9597) CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)
CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file (unfi...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160503,repor...
: Security
Depends On:
Blocks: 1426171
  Show dependency treegraph
 
Reported: 2016-12-22 15:34 EST by Bharti Kundal
Modified: 2018-09-05 01:46 EDT (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-09-05 01:46:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Bharti Kundal 2016-12-22 15:34:19 EST 
libxml2: stack overflow before detecting invalid XML file
Comment 2 Salvatore Bonaccorso 2016-12-22 15:45:02 EST 
 Are there any details available for this? Upsteam bug, commit reference?
Comment 3 Adam Mariš 2017-01-03 06:03:12 EST 
(In reply to Salvatore Bonaccorso from comment #2)
>  Are there any details available for this? Upsteam bug, commit reference?

Referring to https://bugzilla.redhat.com/show_bug.cgi?id=1408302#c4
Comment 4 Salvatore Bonaccorso 2017-01-12 01:19:10 EST 
Hi Adam

Thanks for the information here and in the related bugs. I guess there is though some confusion around the CVEs. E.g. then SuSE is tracking that CVE for https://bugzilla.novell.com/show_bug.cgi?id=1017497 .

Regards,
Salvatore
Comment 5 Adam Mariš 2017-01-16 09:55:58 EST 
> Thanks for the information here and in the related bugs. I guess there is
> though some confusion around the CVEs. E.g. then SuSE is tracking that CVE
> for https://bugzilla.novell.com/show_bug.cgi?id=1017497 .

Thank you for notifying us about that, Salvatore. I put the comment in Suse bugzilla:

https://bugzilla.novell.com/show_bug.cgi?id=1017497#c18
Comment 7 Tomas Hoger 2017-02-23 12:25:35 EST 
This CVE id is for the same issue as CVE-2016-3705 (bug 1332443).  This additional CVE was assigned because the original issue was listed as fixed in RHSA-2016:2957 for the Red Hat JBoss Core Services:

https://rhn.redhat.com/errata/RHSA-2016-2957.html

However, that erratum actually failed to include the fix for the issue.

Therefore, this new CVE is specific to the Red Hat JBoss Core Services product and is better described as: missing/incorrect fix for CVE-2016-3705 in the Red Hat JBoss Core Services.
Comment 17 Tanaya Patil 2018-08-30 05:47:55 EDT 
Hi,

Waiting for a fix on this CVE. As the bug status is still 'NEW', would like to know if we getting the complete fix for this CVE. If yes please share when.

Thanks,
Tanaya
Comment 19 Timothy Walsh 2018-09-05 00:16:09 EDT 
JBCS 2.4.29 RHSA-2018:2486 includes rebased libxml2 to 2.9.7 which addresses this CVE and CVE-2016-9596.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.