Bug 880466 - (CVE-2012-5134) CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity high
Assigned To: Red Hat Product Security
impact=important,public=20121127,repo...
: Security
Depends On: 880467 880468 880475 880476 880477 882064 891477 891478 913211
Blocks: 880218 891480
Reported: 2012-11-26 23:18 EST by Huzaifa S. Sidhpurwala
Modified: 2015-11-24 10:23 EST
Doc Type: Bug Fix
Last Closed: 2014-04-25 08:10:36 EDT
Description Huzaifa S. Sidhpurwala 2012-11-26 23:18:10 EST
A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application.

Reference:
http://googlechromereleases.blogspot.in/2012/11/stable-channel-update.html

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
Comment 3 Huzaifa S. Sidhpurwala 2012-11-27 00:00:42 EST
Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 880477]
Comment 6 errata-xmlrpc 2012-11-29 13:49:44 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1512 https://rhn.redhat.com/errata/RHSA-2012-1512.html
Comment 7 Huzaifa S. Sidhpurwala 2012-11-29 22:30:28 EST
Created mingw32-libxml2 tracking bugs for this issue

Affects: fedora-all [bug 882064]
Comment 12 errata-xmlrpc 2013-01-31 14:33:42 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html
