From owner-svn-ports-head@freebsd.org Wed Dec 13 14:44:45 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FBC6EA07D6; Wed, 13 Dec 2017 14:44:45 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6724773773; Wed, 13 Dec 2017 14:44:45 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vBDEiiKc009791; Wed, 13 Dec 2017 14:44:44 GMT (envelope-from swills@FreeBSD.org) Received: (from swills@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vBDEiiqn009788; Wed, 13 Dec 2017 14:44:44 GMT (envelope-from swills@FreeBSD.org) Message-Id: <201712131444.vBDEiiqn009788@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: swills set sender to swills@FreeBSD.org using -f From: Steve Wills Date: Wed, 13 Dec 2017 14:44:44 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r456209 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: swills X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 456209 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2017 14:44:45 -0000 Author: swills Date: Wed Dec 13 14:44:44 2017 New Revision: 456209 URL: https://svnweb.freebsd.org/changeset/ports/456209 Log: Document libxml2 issue Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Dec 13 14:42:29 2017 (r456208) +++ head/security/vuxml/vuln.xml Wed Dec 13 14:44:44 2017 (r456209) @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + libxml2 -- Multiple Issues + + + libxml2 + 2.9.4 + + + + +

libxml2 developers report:

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

+ + + + https://bugzilla.gnome.org/show_bug.cgi?id=775200 + http://www.openwall.com/lists/oss-security/2017/05/15/1 + http://www.securityfocus.com/bid/98599 + http://www.openwall.com/lists/oss-security/2017/05/15/1 + http://www.securityfocus.com/bid/98556 + http://www.openwall.com/lists/oss-security/2017/05/15/1 + http://www.securityfocus.com/bid/98601 + http://www.openwall.com/lists/oss-security/2017/05/15/1 + http://www.securityfocus.com/bid/98568 + CVE-2017-8872 + CVE-2017-9047 + CVE-2017-9048 + CVE-2017-9049 + CVE-2017-9050 + + + 2017-05-10 + 2017-12-13 + + + FreeBSD -- OpenSSL multiple vulnerabilities