Bug 515195 - (CVE-2009-2414) CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition
Status: MODIFIED
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,reported=20090730,pub...
: Security
Depends On: 515226 515233 515234 515235 515236 515237
Reported: 2009-08-03 06:10 EDT by Jan Lieskovsky
Modified: 2009-08-15 04:20 EDT
Doc Type: Bug Fix
Attachments
Patch for RHEL-5 i.e. libxml2-2.6.26 (2.22 KB, patch)
2009-08-03 10:29 EDT, Daniel Veillard
Patch for RHEL-4 i.e. libxml2-2.6.16 (2.22 KB, patch)
2009-08-03 10:30 EDT, Daniel Veillard
Patch for RHEL-3 i.e. libxml2-2.5.10 (2.44 KB, patch)
2009-08-03 10:31 EDT, Daniel Veillard
patch for libxml-1.8.17 in RHEL-3 (2.81 KB, patch)
2009-08-03 11:07 EDT, Daniel Veillard

Description Jan Lieskovsky 2009-08-03 06:10:17 EDT
A stack overflow flaw was found in libxml when parsing the root XML document
element DTD definition. Providing a specially crafted XML file would
lead to excessive stack growth and denial of service (application crash)
when opened by a victim.
Comment 8 Daniel Veillard 2009-08-03 10:29:15 EDT
Created attachment 356032
Patch for RHEL-5 i.e. libxml2-2.6.26
Comment 9 Daniel Veillard 2009-08-03 10:30:22 EDT
Created attachment 356033
Patch for RHEL-4 i.e. libxml2-2.6.16
Comment 10 Daniel Veillard 2009-08-03 10:31:40 EDT
Created attachment 356035
Patch for RHEL-3 i.e. libxml2-2.5.10
Comment 11 Daniel Veillard 2009-08-03 10:33:10 EDT
Set of patches attached for libxml2 in RHEL-3/4/5; this also includes the
fixes for #515205.

Daniel
Comment 14 Daniel Veillard 2009-08-03 11:07:18 EDT
Created attachment 356048
patch for libxml-1.8.17 in RHEL-3
Comment 22 Fedora Update System 2009-08-10 10:40:22 EDT
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11
Comment 23 Fedora Update System 2009-08-10 10:42:04 EDT
libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10
Comment 24 Jan Lieskovsky 2009-08-10 10:55:32 EDT
Richard,

  could you schedule the mingw32-libxml2 Fedora updates?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 25 errata-xmlrpc 2009-08-10 14:14:32 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html
Comment 26 Fedora Update System 2009-08-11 18:37:50 EDT
libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2009-08-11 18:39:56 EDT
libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2009-08-12 10:03:43 EDT
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11
Comment 29 Fedora Update System 2009-08-12 10:05:33 EDT
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10
Comment 30 Fedora Update System 2009-08-12 18:14:25 EDT
mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11
Comment 31 Fedora Update System 2009-08-15 04:17:04 EDT
mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 32 Fedora Update System 2009-08-15 04:18:04 EDT
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 33 Fedora Update System 2009-08-15 04:20:39 EDT
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
