Debian Bug report logs - #643648
CVE-2011-2834 and CVE-2011-2821

Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2.

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Wed, 28 Sep 2011 10:57:18 UTC

Severity: serious

Tags: security

Fixed in version libxml2/2.7.8.dfsg-5

Done: Mike Hommey <glandium@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2. (Wed, 28 Sep 2011 10:57:21 GMT)

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 28 Sep 2011 10:57:24 GMT)

Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2834 and CVE-2011-2821
Date: Wed, 28 Sep 2011 12:54:33 +0200

Package: libxml2
Severity: serious
Tags: security

Hi,

two libxml2 issues were fixed in the latest chrome updates:

CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6


CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.

Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359


Cheers,
Giuseppe





Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2. (Fri, 07 Oct 2011 07:06:03 GMT)

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Fri, 07 Oct 2011 07:06:03 GMT)

Message #10 received at 643648@bugs.debian.org:

From: Mike Hommey <mh@glandium.org>
To: Giuseppe Iuculano <iuculano@debian.org>, 643648@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#643648: CVE-2011-2834 and CVE-2011-2821
Date: Fri, 7 Oct 2011 09:02:00 +0200

On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> Package: libxml2
> Severity: serious
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> two libxml2 issues were fixed in the latest chrome updates:
> 
> CVE-2011-2821
> Double free vulnerability in libxml2, as used in Google Chrome before
> 13.0.782.215, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via a crafted XPath expression.
> 
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
> 
> 
> CVE-2011-2834
> Double free vulnerability in libxml2, as used in Google Chrome before
> 14.0.835.163, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via vectors related to XPath
> handling.
> 
> Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359

I'm going to push that to unstable, do we want stable/oldstable
backports?

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2. (Fri, 07 Oct 2011 07:24:06 GMT)

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Fri, 07 Oct 2011 07:24:06 GMT)

Message #15 received at 643648@bugs.debian.org:

From: Mike Hommey <mh@glandium.org>
To: Giuseppe Iuculano <iuculano@debian.org>, 643648@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#643648: CVE-2011-2834 and CVE-2011-2821
Date: Fri, 7 Oct 2011 09:21:33 +0200

On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> > Package: libxml2
> > Severity: serious
> > Tags: security
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Hi,
> > 
> > two libxml2 issues were fixed in the latest chrome updates:
> > 
> > CVE-2011-2821
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 13.0.782.215, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via a crafted XPath expression.
> > 
> > Patch:
> > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6

As a matter of fact, this one was fixed with CVE-2010-4494.
CVE-2011-2821 is actually
http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb

Mike




Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Fri, 07 Oct 2011 07:51:06 GMT)

Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Fri, 07 Oct 2011 07:51:06 GMT)

Message #20 received at 643648-close@bugs.debian.org:

From: Mike Hommey <glandium@debian.org>
To: 643648-close@bugs.debian.org
Subject: Bug#643648: fixed in libxml2 2.7.8.dfsg-5
Date: Fri, 07 Oct 2011 07:47:26 +0000

Source: libxml2
Source-Version: 2.7.8.dfsg-5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive:

libxml2-dbg_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/libxml2-dbg_2.7.8.dfsg-5_amd64.deb
libxml2-dev_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/libxml2-dev_2.7.8.dfsg-5_amd64.deb
libxml2-doc_2.7.8.dfsg-5_all.deb
  to main/libx/libxml2/libxml2-doc_2.7.8.dfsg-5_all.deb
libxml2-utils_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/libxml2-utils_2.7.8.dfsg-5_amd64.deb
libxml2_2.7.8.dfsg-5.diff.gz
  to main/libx/libxml2/libxml2_2.7.8.dfsg-5.diff.gz
libxml2_2.7.8.dfsg-5.dsc
  to main/libx/libxml2/libxml2_2.7.8.dfsg-5.dsc
libxml2_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/libxml2_2.7.8.dfsg-5_amd64.deb
python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/python-libxml2-dbg_2.7.8.dfsg-5_amd64.deb
python-libxml2_2.7.8.dfsg-5_amd64.deb
  to main/libx/libxml2/python-libxml2_2.7.8.dfsg-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643648@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 07 Oct 2011 09:31:14 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-5
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 643648
Changes: 
 libxml2 (2.7.8.dfsg-5) unstable; urgency=low
 .
   * xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation.
     CVE-2011-2821.
   * xpath.c: Fix for undefined namespaces. CVE-2011-2834.
   * Both closes: #643648.






Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#643648; Package libxml2. (Mon, 10 Oct 2011 16:27:03 GMT)

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Mon, 10 Oct 2011 16:27:03 GMT)

Message #25 received at 643648@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Mike Hommey <mh@glandium.org>
Cc: Giuseppe Iuculano <iuculano@debian.org>, 643648@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#643648: CVE-2011-2834 and CVE-2011-2821
Date: Mon, 10 Oct 2011 18:24:25 +0200

On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> > Package: libxml2
> > Severity: serious
> > Tags: security
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Hi,
> > 
> > two libxml2 issues were fixed in the latest chrome updates:
> > 
> > CVE-2011-2821
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 13.0.782.215, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via a crafted XPath expression.
> > 
> > Patch:
> > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
> > 
> > 
> > CVE-2011-2834
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 14.0.835.163, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via vectors related to XPath
> > handling.
> > 
> > Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
> 
> I'm going to push that to unstable, do we want stable/oldstable
> backports?

This doesn't allow code injection. Let's stack it up until a more severe
issue arises in libxml2. (Alternatively, we can fix it in a point update.)

Cheers,
        Moritz




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Nov 2011 07:35:34 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:35:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.