Bug 860671 – CVE-2012-2893 libxslt: Heap-double-free in xmlFreeNodeList

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 860671 - (CVE-2012-2893) CVE-2012-2893 libxslt: Heap-double-free in xmlFreeNodeList

Summary:	CVE-2012-2893 libxslt: Heap-double-free in xmlFreeNodeList

Status:	CLOSED ERRATA

Aliases:	CVE-2012-2893

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20120925,reported=2...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-09-26 08:50 EDT by Jan Lieskovsky
Modified:	2012-09-27 00:56 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-09-27 00:56:05 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jan Lieskovsky 2012-09-26 08:50:31 EDT

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2893 to the following vulnerability:

Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.

References:
[1] http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556
[2] http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
[3] https://chromiumcodereview.appspot.com/10919019
[4] https://code.google.com/p/chromium/issues/detail?id=144799
[5] https://src.chromium.org/viewvc/chrome?view=rev&revision=154331

Comment 1 Jan Lieskovsky 2012-09-26 08:53:02 EDT

This issue does NOT affect the versions of the libxslt package, as shipped with Red Hat Enterprise Linux 5 and 6 (they were already updated to correct this).

--

This issue does NOT affect the versions of the libxslt package, as shipped with Fedora release of 16 and 17 (they were already updated to correct this).

Comment 2 Jan Lieskovsky 2012-09-26 08:58:18 EDT

Upstream patch:
[6] http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065

Comment 3 Huzaifa S. Sidhpurwala 2012-09-27 00:54:18 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1265 http://rhn.redhat.com/errata/RHSA-2012-1265.html

Comment 4 Huzaifa S. Sidhpurwala 2012-09-27 00:56:05 EDT

This issue has been addressed in Fedora via the following security advisories:

Fedora-16: https://admin.fedoraproject.org/updates/FEDORA-2012-14048
Fedora-17: https://admin.fedoraproject.org/updates/FEDORA-2012-14083
Fedora-18: https://admin.fedoraproject.org/updates/FEDORA-2012-13871

Note You need to log in before you can comment on or make changes to this bug.