oss-sec mailing list archives
Re: CVE request: DoS in libxml2 if xz is enabled
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 3 Nov 2015 10:55:49 +0100
Fixed! https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 2015-11-02 17:03 GMT+01:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256We found a denegation of service parsing a specially crafted xml inlibxml2if xz support is enabled. It affects version 2.9.1 and probably others. Find attached a xml that never finishes the parsing process: ... #0 0xb7f3e63c in xz_decomp (state=state@entry=0x8001cff0)Use CVE-2015-8035. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWN4jAAAoJEL54rhJi8gl5/dMP/iQwWAw5fr+9kWkFCQEEfyM9 xznrHRmuygTKDSNMSFGuZ2wXbGzsakJNFke3BC6WqU8343CjoWbX7FinfR/NSqEN HykMeCUlAuM7I19CA/8Ig1qBoS/46LUBNwMrRrmbfJyNn1mh52+96RBYISFmhF2/ hyEhGl+4zscCy+JRgZD0/77bNZR0fS1gxy3x6pXr5TN9MmxTONXEHk3Kg0u9jHAC ve1pzE8DxzNTIi0vbI4MNGP0NezTFUNjhcCuxiiJUuqhNZ2wvkJAgCkxEQz6uvPP XoOVuyu/+ytM4Z42wAId7aylgu7Zdp7Yx2Ej5PZLIYo8TDrrOp5dqRC83hdV1S0n AU/VEFF7CqEDrX2W5Idjx9sbnAnVGcsBrVTZta5zkpaHZhtnjK/SeNKNKOgxc5F8 YRc/M/LasyHQBq/mK982h3iY2r82r7XN4tmkYayzXBtMEEXm1eRbS9eQx/je3bX+ I66BlEAaUdhqNhRU5Auyx27FIVuM7RnmU/7SKYWaB45H3X/b1Zr8Xpxvyd/LKqhG TxtOuI3i7+d9gl13iX35jfxwSitdoIoNNU5JWftVOalHGITG+glsDq9PFBVB0Udl E039za5WjF/R64p/uSoBgMvu4UqOE1DBks+h0VK0vzV/jV3VrUQb/b1qmjlSXzsN gTz8OIpmOf6o/PZ8kHRe =pFpx -----END PGP SIGNATURE-----
Current thread:
- CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco (Nov 02)
- Re: CVE request: DoS in libxml2 if xz is enabled cve-assign (Nov 02)
- Re: CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco (Nov 03)
- Re: CVE request: DoS in libxml2 if xz is enabled cve-assign (Nov 02)