A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456
CVE assignment: http://seclists.org/oss-sec/2015/q4/130
Created libxml2 tracking bugs for this issue:
  Affects: fedora-all [bug 1276298]
Created mingw-libxml2 tracking bugs for this issue:
  Affects: fedora-all [bug 1276299]
  Affects: epel-7 [bug 1276300]
Upstream patches:
  https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
  https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
This issue has been addressed in the following products:
Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days