Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon,  2 Nov 2015 11:03:55 -0500 (EST)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: DoS in libxml2 if xz is enabled

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We found a denegation of service parsing a specially crafted xml in libxml2
> if xz support is enabled. It affects version 2.9.1 and probably others.
> Find attached a xml that never finishes the parsing process:
> ...
> #0  0xb7f3e63c in xz_decomp (state=state@...ry=0x8001cff0)

Use CVE-2015-8035.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWN4jAAAoJEL54rhJi8gl5/dMP/iQwWAw5fr+9kWkFCQEEfyM9
xznrHRmuygTKDSNMSFGuZ2wXbGzsakJNFke3BC6WqU8343CjoWbX7FinfR/NSqEN
HykMeCUlAuM7I19CA/8Ig1qBoS/46LUBNwMrRrmbfJyNn1mh52+96RBYISFmhF2/
hyEhGl+4zscCy+JRgZD0/77bNZR0fS1gxy3x6pXr5TN9MmxTONXEHk3Kg0u9jHAC
ve1pzE8DxzNTIi0vbI4MNGP0NezTFUNjhcCuxiiJUuqhNZ2wvkJAgCkxEQz6uvPP
XoOVuyu/+ytM4Z42wAId7aylgu7Zdp7Yx2Ej5PZLIYo8TDrrOp5dqRC83hdV1S0n
AU/VEFF7CqEDrX2W5Idjx9sbnAnVGcsBrVTZta5zkpaHZhtnjK/SeNKNKOgxc5F8
YRc/M/LasyHQBq/mK982h3iY2r82r7XN4tmkYayzXBtMEEXm1eRbS9eQx/je3bX+
I66BlEAaUdhqNhRU5Auyx27FIVuM7RnmU/7SKYWaB45H3X/b1Zr8Xpxvyd/LKqhG
TxtOuI3i7+d9gl13iX35jfxwSitdoIoNNU5JWftVOalHGITG+glsDq9PFBVB0Udl
E039za5WjF/R64p/uSoBgMvu4UqOE1DBks+h0VK0vzV/jV3VrUQb/b1qmjlSXzsN
gTz8OIpmOf6o/PZ8kHRe
=pFpx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ