Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 Mar 2016 17:44:46 +0000
From: "Murphy, Grant" <grant.murphy@....com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"gustavo.grieco@...il.com" <gustavo.grieco@...il.com>
CC: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: Re: Re: CVE request: Stack exhaustion in libxml2
 parsing xml files in recover mode

On 3/21/16, 7:58 AM, "cve-assign@...re.org" <cve-assign@...re.org> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>> gdb --args xmllint --recover no-recover.xml
>
>> Program received signal SIGSEGV, Segmentation fault.
>> _int_malloc (av=0x7ffff7826760 <main_arena>, bytes=2) at malloc.c:3302
>
>Use CVE-2016-3627.
>
>> It was reported to the libxml2 bug tracker some
>> time ago but the maintainers are quite busy, so they haven't fixed it.
>
>It's typically useful to mention the bug number even if it isn't
>currently a public bug, in case correlation is needed later.

Looks like it was reported here:
https://bugzilla.gnome.org/show_bug.cgi?id=762100

>
>- -- 
>CVE Assignment Team
>M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
>[ A PGP key is available for encrypted communications at
>  http://cve.mitre.org/cve/request_id.html ]
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1
>
>iQIcBAEBCAAGBQJW8AsWAAoJEL54rhJi8gl58g4P/i/POnAJzcVBHPdk0svtHKl+
>+510uhal1JlA6r3y3AiDnqsaRM5TMzuzYs+0l9EA8ydM9nx0UMAOkA/1tHVl48P1
>cJcMMoHj/dv/pBBsAaSuJEr2VttXOn4gCuhhVOJQBc1g4sMYUNEdsn3dJ9HbyI6W
>sL2fkuGxXCMTl5at94lLJI+Hij8t+VrDSmS+0e+W7AvL4uDuyYH6b4Bcp4BmlX8l
>m52hCy9Y72MoSHeituWXLZZ75EIWdwy8ftTmjxpO08ZPR2YjUIiwDYBZKvfWCpFt
>aQc/FJrvygTbXtfvT6WUli8qrz1Q2EzYV5c1/jGSfh+0YaNJkvDdLsRlCE0qMm4L
>TnoZmD2boumgRmCLAwmqQrkCZeSh6I8ET/I6NHhor8f0LXEuVGOjjN1IJCJ2wRT7
>QGp7iejweiDoL1EioQg2pZij4BmG8jxy4XtJRZUBtJzt8yYfIP//z5Lm+3MwO7Uq
>UCscXaI0xpLAP4WW/kQTij9wVBnByu61USK7z96dytNcxYqmQhFhaBbUcT3phqwe
>JhwGxCONz1wDJG028cXD/r1DX/s/3dHLKWbSrg6zjETaBNTkuIgQBO6SJ9tPcRht
>/7T/LPgsNvuqydPksZWan1ytstfOhEDrl2pexJBgnwpt6QlsZnKtIScHDn3PNBND
>rpeM6ZE03EVFPNQRk0sK
>=1y/J
>-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ