oss-sec mailing list archives
Re: Re: libxml security fix from apple ... any information?
From: Thomas Biege <thomas () suse de>
Date: Fri, 29 Jul 2011 09:52:41 +0200
Hello, if the code executed is the same on Windows and on Linux I would assume this affects Linux too. That the bug is not "seen" during fuzzing means nothing. Cheers, Thomas Am Freitag, 29. Juli 2011, 06:59:22 schrieb Billy Rios:
The crash was indeed in libxml2, but I could not get the bug to repro in Linux. We took the crash file and fuzzed a bit more on Linux, but no crashes were observed. BK On Thu, Jul 28, 2011 at 6:22 AM, Marcus Meissner <meissner () suse de> wrote:Hi folks, Billy, Daniel, On http://support.apple.com/kb/HT4808 there is a libxml security issue listed: ----------------------------------------- libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team ----------------------------------------- I suspect this is libxml2 and it likely also affects Linux? If this is correct, could you identify the commit fixing this issue? Ciao, Marcus
-- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Current thread:
- libxml security fix from apple ... any information? Marcus Meissner (Jul 28)
- Re: libxml security fix from apple ... any information? Huzaifa Sidhpurwala (Jul 28)
- Re: libxml security fix from apple ... any information? Billy Rios (Jul 28)
- Re: Re: libxml security fix from apple ... any information? Thomas Biege (Jul 29)
- Re: Re: libxml security fix from apple ... any information? Moritz Muehlenhoff (Jul 29)
- Re: Re: libxml security fix from apple ... any information? Jeffrey Czerniak (Jul 30)
- Re: libxml security fix from apple ... any information? Solar Designer (Jul 30)
- Re: Re: libxml security fix from apple ... any information? Thomas Biege (Jul 29)
- Re: libxml security fix from apple ... any information? Daniel Veillard (Aug 04)