libxml2: CVE-2009-2414, CVE-2009-2416 pointer use-after-free and stack overflow because of function recursion

Related Vulnerabilities: CVE-2009-2414   CVE-2009-2416  

Debian Bug report logs - #540865

Reported by: Nico Golde <nion@debian.org>

Date: Mon, 10 Aug 2009 18:06:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions 2.6.32.dfsg-5+lenny1, 2.6.27.dfsg-6+etch4, libxml2/2.7.3.dfsg-2.1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#540865; Package src:libxml2. (Mon, 10 Aug 2009 18:06:05 GMT)


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to unknown-package@qa.debian.org. (Mon, 10 Aug 2009 18:06:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: libxml2: CVE-2009-2414, CVE-2009-2416 pointer use-after-free and stack overflow because of function recursion
Date: Mon, 10 Aug 2009 19:55:45 +0200
Source: libxml2
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libxml2.

CVE-2009-2416[0]:
| Pointer use-after-free flaws were found in libxml by parsing Notation
| and Enumeration attribute types. A remote attacker could provide
| a specially-crafted XML file, which once opened by a local, unsuspecting
| user would lead to denial of service (application crash).  

CVE-2009-2414[1]:
| A stack overflow flaw was found in libxml by parsing root XML document
| element DTD definition. Providing a specially-crafted XML file would
| lead to excessive stack growth and denial of service (application crash),
| when opened by a victim.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
    http://security-tracker.debian.net/tracker/CVE-2009-2416
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
    http://security-tracker.debian.net/tracker/CVE-2009-2414

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[libxml2-2.6.26-CVE-2009-2414,CVE-2009-2416.patch (text/x-diff, attachment)]

Bug Marked as fixed in versions 2.6.27.dfsg-6+etch4. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 10 Aug 2009 18:12:05 GMT)


Bug Marked as fixed in versions 2.6.32.dfsg-5+lenny1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 10 Aug 2009 18:12:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#540865; Package src:libxml2. (Sun, 16 Aug 2009 16:21:08 GMT)


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Sun, 16 Aug 2009 16:21:08 GMT)


Message #14 received at 540865@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 540865@bugs.debian.org
Subject: intent to NMU
Date: Sun, 16 Aug 2009 18:14:50 +0200
Hi,
I intend to upload a 0-day NMU to fix these vulnerabilities,
debdiff can be found on:
http://people.debian.org/~nion/nmu-diff/libxml2-2.7.3.dfsg-2_2.7.3.dfsg-2.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Sun, 16 Aug 2009 17:03:11 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sun, 16 Aug 2009 17:03:11 GMT)


Message #19 received at 540865-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 540865-close@bugs.debian.org
Subject: Bug#540865: fixed in libxml2 2.7.3.dfsg-2.1
Date: Sun, 16 Aug 2009 16:47:50 +0000
Source: libxml2
Source-Version: 2.7.3.dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.3.dfsg-2.1_amd64.deb
  to pool/main/libx/libxml2/libxml2-dbg_2.7.3.dfsg-2.1_amd64.deb
libxml2-dev_2.7.3.dfsg-2.1_amd64.deb
  to pool/main/libx/libxml2/libxml2-dev_2.7.3.dfsg-2.1_amd64.deb
libxml2-doc_2.7.3.dfsg-2.1_all.deb
  to pool/main/libx/libxml2/libxml2-doc_2.7.3.dfsg-2.1_all.deb
libxml2-utils_2.7.3.dfsg-2.1_amd64.deb
  to pool/main/libx/libxml2/libxml2-utils_2.7.3.dfsg-2.1_amd64.deb
libxml2_2.7.3.dfsg-2.1.diff.gz
  to pool/main/libx/libxml2/libxml2_2.7.3.dfsg-2.1.diff.gz
libxml2_2.7.3.dfsg-2.1.dsc
  to pool/main/libx/libxml2/libxml2_2.7.3.dfsg-2.1.dsc
libxml2_2.7.3.dfsg-2.1_amd64.deb
  to pool/main/libx/libxml2/libxml2_2.7.3.dfsg-2.1_amd64.deb
python-libxml2_2.7.3.dfsg-2.1_amd64.deb
  to pool/main/libx/libxml2/python-libxml2_2.7.3.dfsg-2.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 540865@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 16 Aug 2009 17:45:17 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2
Architecture: source all amd64
Version: 2.7.3.dfsg-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
Closes: 540865
Changes: 
 libxml2 (2.7.3.dfsg-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team (Closes: #540865).
   * Fix multiple use-after-free flaws when parsing notation and
     enumeration attribute types (CVE-2009-2416).
   * Fix stack overflow when parsing root XML document element DTD
     definition (CVE-2009-2414).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqIMg8ACgkQHYflSXNkfP8kEQCgr091mbDT3y7VIgHYxK3WolRi
FH4AoLn5+2huX8f8GiEYsynklfNXuVRu
=+9vH
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Sep 2009 07:38:35 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:44:00 2019; Machine Name: beach
