Tuesday, May 3, 2016

[FD] CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)

Hi,

This is a disclosure of the following issue that was raised a week ago on the distros mailing list. Both bugs on the GNOME bugtracker are currently private and should be made public now. The two attached patches are based off the 2.9.3 libxml2 release.

A couple of weeks back, while working on a related bug [CVE-2016-3627], I discovered that a specially created XML file is capable of triggering a stack overflow before libxml2 can detect it's an invalid XML file. We raised this issue upstream on 2016-04-18 and informed them that we would place a two week embargo on the issue in case we didn't hear back. As of yet we have had no response, so we have posted here.

http://ift.tt/24mZ64q

We intend to keep the current embargo (ending May 3) unless we get advised otherwise here. Below is a script to generate the XML file along with a tested patch to fix the issue. I will also include our unpublished patch and simplified reproducer for CVE-2016-3627 as, again, we have had no response upstream and it's likely that you will want to fix this less severe issue at the same time.

http://ift.tt/1pXMaQ9

python3 repoducer.py ; xmllint repo.xml repoducer.py
