Bug 1469261 - libxml2: possible infoleak in xsltproc and xmllint while parsing directory names containing spaces
libxml2: possible infoleak in xsltproc and xmllint while parsing directory na...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20170617,reported=2...
: Security
Depends On: 1469272 1469273 1469274
Blocks: 1469263
  Show dependency treegraph
 
Reported: 2017-07-10 14:46 EDT by Pedro Sampaio
Modified: 2017-09-12 11:33 EDT (History)
29 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pedro Sampaio 2017-07-10 14:46:27 EDT
A flaw was found in libxml2. The binaries xsltproc and xmllint contained in the lib seems to incorrectly parse xml metadata paths when the file is inside directories with spaces in its name leading to a possible user information leak.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=668245

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516916
Comment 2 Pedro Sampaio 2017-07-10 15:37:15 EDT
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1469274]


Created mingw-libxml2 tracking bugs for this issue:

Affects: epel-7 [bug 1469273]
Affects: fedora-all [bug 1469272]

Note You need to log in before you can comment on or make changes to this bug.