A flaw in ptlib prior to 2.12.1 was fixed [1]; this prevents the "billion laughs" denial of service attack. This attack is due to improper length checks/recursion detection during XML entity expansion. If an attacker were able to provide as input a crafted XML document containing a large number of nested entity references, they could cause the application linked to ptlib (for example, Ekiga) to consume extreme amounts of CPU and memory. [1] http://opalvoip.svn.sourceforge.net/viewvc/opalvoip?view=revision&revision=28856
Is this the same as RHBZ 883058? If so the fix was back ported to ptlib 2.10.10
Added CVE as per http://www.openwall.com/lists/oss-security/2013/03/15/7
(In reply to comment #1) > Is this the same as RHBZ 883058? > > If so the fix was back ported to ptlib 2.10.10 No, I don't believe so. That issue is about not verifying UTF-8 prior to display leading to a crash. This issue is about XML entity expansion and recursion, which doesn't lead to a crash but to excessive CPU/memory usage. In bug 883058#c6 it talks about the same commit, but I don't think that reference was correct, as the upstream gnome bug for bug 883058 referenced https://git.gnome.org/browse/ekiga/commit/?id=7d09807257 as the fix, which is entirely different (ptlib/trunk/src/ptclib/pxml.cxx (this flaw) vs lib/engine/components/opal/opal-call.cpp (that bug)).
This issue does not affect the version of ptlib as shipped with Fedora 17 and Fedora-18
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2013-1864