SB2015112004 - Fedora 22 update for libxml2

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2015-8242)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser when processing crafted XML data. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Out-of-bounds read (CVE-ID: CVE-2015-7500)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error in the xmlParseMisc function in parser.c. A remote attacker can create unspecified vectors related to incorrect entities boundaries and start tags, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

3) Heap-based buffer overflow (CVE-ID: CVE-2015-7499)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Resource management error (CVE-ID: CVE-2015-5312)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

5) Heap-based buffer overflow (CVE-ID: CVE-2015-7498)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors related to extracting errors after an encoding conversion failure. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Heap-based buffer overflow (CVE-ID: CVE-2015-7497)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Resource management error (CVE-ID: CVE-2015-1819)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

8) Input validation error (CVE-ID: CVE-2015-7941)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. "context dependent" seems to point to MiTM attack due to: If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

9) Buffer overflow (CVE-ID: CVE-2015-7942)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

10) Resource management error (CVE-ID: CVE-2015-8035)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2015-037f844d3e