[3.9] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)
CVE-2018-9251: The xz_decomp function in xzlib.c in libxml2 2.9.8,
if —with-lzma is used, allows remote attackers to cause a denial of
service (infinite loop) via
a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated
by xmllint, a different vulnerability than CVE-2015-8035.
References:
https://bugzilla.gnome.org/show\_bug.cgi?id=794914
Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14404: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
References:
https://gitlab.gnome.org/GNOME/libxml2/issues/5
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html
Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
CVE-2018-14567: libxml2 2.9.8, if —with-lzma is used, allows remote
attackers to cause a denial of service (infinite loop) via a crafted XML
file that triggers
LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different
vulnerability than CVE-2015-8035 and CVE-2018-9251.
References:
https://gitlab.gnome.org/GNOME/libxml2/issues/13
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html
Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
(from redmine: issue id 9564, created on 2018-10-23, closed on 2018-10-25)
- Relations:
- parent #9563 (closed)
- Changesets:
- Revision a6c278e2 by Natanael Copa on 2018-10-24T16:18:38Z:
main/libxml2: backport security fixes
- CVE-2018-9251
- CVE-2018-14404
- CVE-2018-14567
fixes #9564