Bug 1384424 (CVE-2016-4658) - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
Summary: CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-4658
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1384427 1384429 1384430 1548946 1695386 1966916
Blocks: 1384433
TreeView+ depends on / blocked
 
Reported: 2016-10-13 09:21 UTC by Adam Mariš
Modified: 2023-11-23 10:48 UTC (History)
22 users (show)

Fixed In Version: libxml2 2.9.5
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data.
Clone Of:
Environment:
Last Closed: 2018-02-26 05:00:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3810 0 None None None 2021-10-12 15:31:26 UTC

Description Adam Mariš 2016-10-13 09:21:10 UTC 
Possible use after free vulnerability via namespace nodes in XPointer ranges was found.

Upstream patch:

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
Comment 1 Adam Mariš 2016-10-13 09:24:00 UTC 
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1384427]
Comment 2 Adam Mariš 2016-10-13 09:24:09 UTC 
Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1384429]
Affects: epel-7 [bug 1384430]
Comment 5 Maumita Mandal 2017-03-24 11:43:09 UTC 
(In reply to Adam Mariš from comment #0)
> Possible use after free vulnerability via namespace nodes in XPointer ranges
> was found.
> 
> Upstream patch:
> 
> https://git.gnome.org/browse/libxml2/commit/
> ?id=c1d1f7121194036608bf555f08d3062a36fd344b

Hello Adam,

We have been monitoring the URL ftp://xmlsoft.org/libxml2/ for the latest release of the official patch of libxml2 containing the patches for the bugs associated with the CVE-2016-4658, CVE-2016-9318 and CVE-2016-9597, but have observed that no binary files have been released yet.

From the URL http://rpmfind.net/linux/RPM/opensuse/updates/leap/42.2/oss/src/libxml2-2.9.4-3.1.src.html we found that a RPM file has been released, but as our requirement is a binary version we can't go for the RPM version.

Could you kindly confirm the ETA for the release of the official libxml2 2.9.4-3.1 binary package containing all the above mentioned patches?

Kind regards,
Maumita Mandal
Comment 6 Jim Hart 2017-08-09 20:31:50 UTC 
Is this still being considered for a fix?  Please let me know.
Comment 24 errata-xmlrpc 2021-10-12 15:31:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3810 https://access.redhat.com/errata/RHSA-2021:3810
Comment 25 Red Hat Bugzilla 2023-09-15 00:00:16 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days
Note You need to log in before you can comment on or make changes to this bug.