oss-sec mailing list archives
Re: libxml security fix from apple ... any information?
From: Billy Rios <billy.rios () gmail com>
Date: Thu, 28 Jul 2011 21:59:22 -0700
The crash was indeed in libxml2, but I could not get the bug to repro in Linux. We took the crash file and fuzzed a bit more on Linux, but no crashes were observed.

BK

On Thu, Jul 28, 2011 at 6:22 AM, Marcus Meissner <meissner () suse de> wrote:

> Hi folks, Billy, Daniel,
>
> On http://support.apple.com/kb/HT4808 there is a libxml security issue listed:
>
> -----------------------------------------
> libxml
> Available for: Windows 7, Vista, XP SP2 or later
> Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
> Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
> CVE-ID
> CVE-2011-0216 : Billy Rios of the Google Security Team
> -----------------------------------------
>
> I suspect this is libxml2 and it likely also affects Linux?
>
> If this is correct, could you identify the commit fixing this issue?
>
> Ciao, Marcus