<chromium-browser-20.0.1132.43: multiple vulnerabilities (CVE-2012-{2807,2815,2817,2818,2819,2820,2821,2823,2824,2825,2826,2829,2830,2831,2834})

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2807 to the following vulnerability:

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

References:
[1] http://code.google.com/p/chromium/issues/detail?id=129930
[2] http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

The Google Chrome 20 release announcement [1] noted and fixed a flaw in libxslt:

* [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.

This has been corrected in the Chromium git repository [2]; the upstream fix is noted as pending.

[1] http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html
[2] http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09

Created libxslt tracking bugs for this issue

Affects: fedora-all [bug 835983]

Relevant Google Chrome patch:
[3] http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb

Okay, i finally pushed a patch upstream that I think should backport
rather easily

http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626

that one

http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28

should also be applied in the errata to avoid similar problem elsewhere.
Somehow that's not a complete fix but that's the most immediate and
simple way to stop the given problem. I'm still working on a (rather
large and intrusive) set of patches for upstream but I would not suggest
to push that in RHEL. For fedora I may be tempted to rebase once a new
libxml2 version is out

Daniel

The above patches, described in comment #4 seems to solve the problem here. libxml2 no longer crashes with them.

For Red Hat Enterprise Linux use case, we may however require few more patches from upstream.

Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 843743]

This has been reported over 2 months ago with a possible fix coming in a little over a month. Is there any plan of action to fix libxml2 vulnerabilities?

Primarily this is a bump to put in back on someones to do list.
Thank you

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1288 https://rhn.redhat.com/errata/RHSA-2012-1288.html

Created mingw32-libxml2 tracking bugs for this issue

Affects: epel-5 [bug 858914]
Affects: fedora-all [bug 858915]

libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

This flaw affects x86_64 version of libxml2 only, however mingw32-libxml2 is only shipped as x86 (32-bit) and therefore it is not affected.

Statement:

This issue affected the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This issue does not affect the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6.

Statement:

(none)