A heap-based buffer overflow flaw was found in the way the Exclusive Canonicalization PrefixList attribute content processing functionality of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, used to manage internal buffers in certain circumstances. A remote attacker could provide an XML file with a specially-crafted value of the PrefixList attribute to an application linked against xml-security-c performing Exclusive Canonicalization-based XML verification that, when processed, would lead to that application's crash or, potentially, arbitrary code execution with the privileges of the user running the application.

Upstream advisory:
[1] http://santuario.apache.org/secadv.data/CVE-2013-2156.txt

Relevant patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=1493961

Acknowledgements:
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
This issue affects the versions of the xml-security-c package, as shipped with Fedora releases 17 and 18.

--

This issue affects the versions of the xml-security-c package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Public via: http://santuario.apache.org/secadv.data/CVE-2013-2156.txt
Created xml-security-c tracking bugs for this issue

Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]