oss-sec mailing list archives
Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 18 Apr 2013 21:27:46 -0600
On 04/18/2013 02:16 PM, Kurt Seifried wrote:
> On 04/17/2013 06:45 AM, Agostino Sarubbo wrote:
> From the secunia advisory SA53061[1]:
>
> 1) A use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory.
>
> Please use CVE-2013-1969 for this issue.
>
> 2) Two use-after-free errors in "xmldecl_done()" can be exploited to dereference already freed memory.
>
> Please use CVE-2013-1970 for this issue.
>
> The vulnerabilities are reported in version 2.9.0. Other versions may also be affected.
>
> Commit: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
>
> [1]: https://secunia.com/advisories/53061/
>
> Thanks

Please REJECT CVE-2013-1970, these two issues should have been merged, I derped and for some reason SPLIT instead of MERGE'ing these as it should have been. So just use CVE-2013-1969 for both issues.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993