Bug 515195 (CVE-2009-2414) - CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition
Status: MODIFIED
Alias: CVE-2009-2414
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
Depends On: 515226 515233 515234 515235 515236 515237
Reported: 2009-08-03 10:10 UTC by Jan Lieskovsky
Modified: 2023-07-07 08:35 UTC (History)

Doc Type: Bug Fix


Attachments
Patch for RHEL-5 i.e. libxml2-2.6.26 (2.22 KB, patch)
2009-08-03 14:29 UTC, Daniel Veillard
Patch for RHEL-4 i.e. libxml2-2.6.16 (2.22 KB, patch)
2009-08-03 14:30 UTC, Daniel Veillard
Patch for RHEL-3 i.e. libxml2-2.5.10 (2.44 KB, patch)
2009-08-03 14:31 UTC, Daniel Veillard
patch for libxml-1.8.17 in RHEL-3 (2.81 KB, patch)
2009-08-03 15:07 UTC, Daniel Veillard


Links
System: Red Hat Product Errata
ID: RHSA-2009:1206
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: libxml and libxml2 security update
Last Updated: 2009-08-10 18:14:27 UTC

Description Jan Lieskovsky 2009-08-03 10:10:17 UTC
A stack overflow flaw was found in libxml when parsing the root XML document
element DTD definition. Providing a specially-crafted XML file would
lead to excessive stack growth and denial of service (application crash)
when opened by a victim.

Comment 8 Daniel Veillard 2009-08-03 14:29:15 UTC
Created attachment 356032
Patch for RHEL-5 i.e. libxml2-2.6.26

Comment 9 Daniel Veillard 2009-08-03 14:30:22 UTC
Created attachment 356033
Patch for RHEL-4 i.e. libxml2-2.6.16

Comment 10 Daniel Veillard 2009-08-03 14:31:40 UTC
Created attachment 356035
Patch for RHEL-3 i.e. libxml2-2.5.10

Comment 11 Daniel Veillard 2009-08-03 14:33:10 UTC
Set of patches attached for libxml2 in RHEL-3/4/5; this also includes the
fixes for #515205.

Daniel

Comment 14 Daniel Veillard 2009-08-03 15:07:18 UTC
Created attachment 356048
patch for libxml-1.8.17 in RHEL-3

Comment 22 Fedora Update System 2009-08-10 14:40:22 UTC
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11

Comment 23 Fedora Update System 2009-08-10 14:42:04 UTC
libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10

Comment 24 Jan Lieskovsky 2009-08-10 14:55:32 UTC
Richard,

  could you schedule the mingw32-libxml2 Fedora updates?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 25 errata-xmlrpc 2009-08-10 18:14:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html

Comment 26 Fedora Update System 2009-08-11 22:37:50 UTC
libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2009-08-11 22:39:56 UTC
libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2009-08-12 14:03:43 UTC
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11

Comment 29 Fedora Update System 2009-08-12 14:05:33 UTC
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10

Comment 30 Fedora Update System 2009-08-12 22:14:25 UTC
mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11

Comment 31 Fedora Update System 2009-08-15 08:17:04 UTC
mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2009-08-15 08:18:04 UTC
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2009-08-15 08:20:39 UTC
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

