Created attachment 322846 [details] Proposed patch from Drew Yao Description of problem: Drew Yao of Apple Product Security has reported an integer overflow present in xmlBufferResize function in the libxml2 library potentially leading to an infinite loop. User could provide a very large XML file for parsing to the XML parsing library, which could allow him to cause a denial of service. Proposed patch: See attachment. Acknowledgements: Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
This issue affects all versions of the libxml2 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. This issue affects all versions of the libxml2 package, as shipped with Fedora release of 8, 9 or 10.
The patch looks fine, though it gets really hard to reproduce and test, Daniel
Lifting embargo
libxml2-2.7.2-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9
libxml2-2.7.2-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10
libxml2-2.7.2-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
libxml2-2.7.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
libxml2-2.7.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0988.html Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9729 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9773 https://admin.fedoraproject.org/updates/f10/FEDORA-2008-10038