oss-sec mailing list archives
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 6 May 2014 20:55:58 +0200
On Tue, 06 May 2014 20:21:28 +0200 Nicolas Grégoire wrote:
libxml2 [...] incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution.I'm not sure that I understand this bug. Do you have a PoC?
The new issue is very similar to the one fixed by: https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is linked to the infamous CVE-2013-0339. 4629ee0 fixed the issue for general entities, while the 9cd1c3c fixes the same type of problem for parameter entities. Even when parsing without NOENT, external parameter entities are fetched. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Stefan Cornelius (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Timoth D. Morgan (May 08)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 12)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 02)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (Jun 09)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 09)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)