Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon,  2 Nov 2015 11:03:55 -0500 (EST)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: DoS in libxml2 if xz is enabled

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We found a denegation of service parsing a specially crafted xml in libxml2
> if xz support is enabled. It affects version 2.9.1 and probably others.
> Find attached a xml that never finishes the parsing process:
> ...
> #0  0xb7f3e63c in xz_decomp (state=state@...ry=0x8001cff0)

Use CVE-2015-8035.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWN4jAAAoJEL54rhJi8gl5/dMP/iQwWAw5fr+9kWkFCQEEfyM9
xznrHRmuygTKDSNMSFGuZ2wXbGzsakJNFke3BC6WqU8343CjoWbX7FinfR/NSqEN
HykMeCUlAuM7I19CA/8Ig1qBoS/46LUBNwMrRrmbfJyNn1mh52+96RBYISFmhF2/
hyEhGl+4zscCy+JRgZD0/77bNZR0fS1gxy3x6pXr5TN9MmxTONXEHk3Kg0u9jHAC
ve1pzE8DxzNTIi0vbI4MNGP0NezTFUNjhcCuxiiJUuqhNZ2wvkJAgCkxEQz6uvPP
XoOVuyu/+ytM4Z42wAId7aylgu7Zdp7Yx2Ej5PZLIYo8TDrrOp5dqRC83hdV1S0n
AU/VEFF7CqEDrX2W5Idjx9sbnAnVGcsBrVTZta5zkpaHZhtnjK/SeNKNKOgxc5F8
YRc/M/LasyHQBq/mK982h3iY2r82r7XN4tmkYayzXBtMEEXm1eRbS9eQx/je3bX+
I66BlEAaUdhqNhRU5Auyx27FIVuM7RnmU/7SKYWaB45H3X/b1Zr8Xpxvyd/LKqhG
TxtOuI3i7+d9gl13iX35jfxwSitdoIoNNU5JWftVOalHGITG+glsDq9PFBVB0Udl
E039za5WjF/R64p/uSoBgMvu4UqOE1DBks+h0VK0vzV/jV3VrUQb/b1qmjlSXzsN
gTz8OIpmOf6o/PZ8kHRe
=pFpx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.