A security flaw was found in the way libxml traversed XPath axis of particular Extensible Markup Language (XML) file and tested namespace / attribute context nodes for their validity. A remote attacker could provide a specially-crafted XML file, which once opened with an application linked against libxml would cause that application to crash (due stack frame overflow and / or with NULL pointer dereference on some architectures). Chrome bug report (not accessible for public audience): [1] http://code.google.com/p/chromium/issues/detail?id=58731 Upstream changesets: [2] http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c [3] http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9 Acknowledgements: Red Hat would like to thank the Google Security Team for reporting this issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter.
This issue did NOT affect the versions of the libxml and libxml2 package, as shipped with Red Hat Enterprise Linux 3. This issue did NOT affect the version of the libxml2 package, as shipped with Red Hat Enterprise Linux 4. This issue affects the version of the libxml2 package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the versions of the libxml2 package, as shipped with Fedora release of 12 and 13.
The CVE identifier of CVE-2010-4008 has been assigned to this issue.
Statement: This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4.
Created libxml2 tracking bugs for this issue Affects: fedora-all [bug 652056]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1749 https://rhn.redhat.com/errata/RHSA-2011-1749.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0017 https://rhn.redhat.com/errata/RHSA-2012-0017.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html