Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 17 Apr 2013 14:45:33 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities

>From the secunia advisory SA53061[1]:

1) An use-after-free error in "htmlParseChunk()" can be exploited to 
dereference already freed memory.

2) Two use-after-free errors in "xmldecl_done()" can be exploited to 
dereference already freed memory.

The vulnerabilities are reported in version 2.9.0. Other versions may also be 
affected.

Commit:
https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f

[1]: https://secunia.com/advisories/53061/
-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ