Bug 1276297 (CVE-2015-7942) - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-7942
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1276298 1276299 1276300 1284794 1286495 1286496 1286497 1322869
Blocks: 1274223 1318206
Reported: 2015-10-29 11:42 UTC by Martin Prpič
Modified: 2023-09-14 03:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash, causing a denial of service.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:44:51 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2015:2549 | 0 | normal | SHIPPED_LIVE | Moderate: libxml2 security update | 2015-12-07 15:13:44 UTC
Red Hat Product Errata | RHSA-2015:2550 | 0 | normal | SHIPPED_LIVE | Moderate: libxml2 security update | 2015-12-07 16:59:33 UTC
Red Hat Product Errata | RHSA-2016:1089 | 0 | normal | SHIPPED_LIVE | Moderate: Red Hat JBoss Web Server 3.0.3 security update | 2016-05-17 20:12:21 UTC

Description Martin Prpič 2015-10-29 11:42:52 UTC
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=756456

CVE assignment:

http://seclists.org/oss-sec/2015/q4/130

Comment 1 Martin Prpič 2015-10-29 11:45:58 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1276298]

Comment 2 Martin Prpič 2015-10-29 11:46:06 UTC
Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1276299]
Affects: epel-7 [bug 1276300]

Comment 9 errata-xmlrpc 2015-12-07 10:14:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html

Comment 10 errata-xmlrpc 2015-12-07 12:00:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html

Comment 14 errata-xmlrpc 2016-05-17 16:13:43 UTC
This issue has been addressed in the following products:



Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html

Comment 15 Red Hat Bugzilla 2023-09-14 03:12:09 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

