455848 – (CVE-2008-2935) CVE-2008-2935 libxslt: buffer overflow in libexslt RC4 encryption/decryption functions

Bug 455848 (CVE-2008-2935) - CVE-2008-2935 libxslt: buffer overflow in libexslt RC4 encryption/decryption functions

Summary: CVE-2008-2935 libxslt: buffer overflow in libexslt RC4 encryption/decryption ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-2935
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	456230 456231 456232 456233 833936
Blocks:
TreeView+	depends on / blocked

Reported:	2008-07-18 09:56 UTC by Tomas Hoger
Modified:	2023-05-11 12:53 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-08-08 06:46:15 UTC
Embargoed:

Attachments	(Terms of Use)
Upstream patch (4.79 KB, patch) 2008-07-18 09:57 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0649	0	normal	SHIPPED_LIVE	Moderate: libxslt security update	2008-08-06 14:48:42 UTC

Description Tomas Hoger 2008-07-18 09:56:25 UTC

oCERT reported a libxslt vulnerability discovered by Chris Evans of the Google
Security Team:

The libexslt library bundled with libxslt is affected by a heap-based buffer
overflow which can lead to arbitrary code execution.

The vulnerability is present in the rc4 encryption/decryption functions. An
arbitrary length string, passed as an argument in the XSL input, is incorrectly
copied over a padding variable which is previously allocated with a fixed size
of 128bit (RC4_KEY_LENGTH).

Affected version: libxslt >= 1.1.8, <= 1.1.24

Acknowledgements:

Red Hat would like to thank Chris Evans and oCERT for reporting this vulnerability.

Comment 1 Tomas Hoger 2008-07-18 09:57:48 UTC

Created attachment 312112 [details]
Upstream patch

Comment 7 Josh Bressers 2008-07-31 15:06:01 UTC

This is now public:
http://www.ocert.org/advisories/ocert-2008-009.html

Comment 8 Fedora Update System 2008-08-07 23:51:44 UTC

libxslt-1.1.24-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2008-08-07 23:53:46 UTC

libxslt-1.1.24-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Red Hat Product Security 2008-08-08 06:46:15 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0649.html

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7029
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7062

Note You need to log in before you can comment on or make changes to this bug.