1469261 – libxml2: possible infoleak in xsltproc and xmllint while parsing directory names containing spaces

Bug 1469261 - libxml2: possible infoleak in xsltproc and xmllint while parsing directory names containing spaces

Summary: libxml2: possible infoleak in xsltproc and xmllint while parsing directory na...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1469272 1469273 1469274
Blocks:	1469263
TreeView+	depends on / blocked

Reported:	2017-07-10 18:46 UTC by Pedro Sampaio
Modified:	2021-10-21 11:54 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 11:54:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2017-07-10 18:46:27 UTC

A flaw was found in libxml2. The binaries xsltproc and xmllint contained in the lib seems to incorrectly parse xml metadata paths when the file is inside directories with spaces in its name leading to a possible user information leak.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=668245

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516916

Comment 2 Pedro Sampaio 2017-07-10 19:37:15 UTC

Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1469274]


Created mingw-libxml2 tracking bugs for this issue:

Affects: epel-7 [bug 1469273]
Affects: fedora-all [bug 1469272]

Note You need to log in before you can comment on or make changes to this bug.

athmanem
bmcclain
c.david86
cfergeau
csutherl
eedri
erik-fedora
fedora-mingw
gzaronik
jclere
lsurette
mbabacek
mgoldboi
michal.skrivanek
mturk
ohudlick
rh-spice-bugs
rjones
srevivo
twalsh
veillard
ykaul