GitLab

CVE-2018-9251: The xz_decomp function in xzlib.c in libxml2 2.9.8, if —with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via
a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

References:

https://bugzilla.gnome.org/show\_bug.cgi?id=794914

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

CVE-2018-14404: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References:

https://gitlab.gnome.org/GNOME/libxml2/issues/5
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594

CVE-2018-14567: libxml2 2.9.8, if —with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers
LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

References:

https://gitlab.gnome.org/GNOME/libxml2/issues/13
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html

Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

(from redmine: issue id 9564, created on 2018-10-23, closed on 2018-10-25)

• Relations:
  • parent #9563 (closed)
• Changesets:
  • Revision a6c278e2 by Natanael Copa on 2018-10-24T16:18:38Z:

main/libxml2: backport security fixes

- CVE-2018-9251
- CVE-2018-14404
- CVE-2018-14567

fixes #9564