SB2017111019 - Gentoo update for libxml2

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) XML External Entity injection (CVE-ID: CVE-2016-9318)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

2) Out-of-bounds write (CVE-ID: CVE-2017-0663)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

3) Input validation error (CVE-ID: CVE-2017-5969)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via a crafted XML document.

4) XXE attack (CVE-ID: CVE-2017-7375)

The vulnerability allows a remote unauthenticated attacker to perform XXE attack on the target system.

The weakness exists in the xmlParsePEReference function due to insufficient validation for external entities. A remote attacker can perform XXE attack and gain access to potentially sensitive information.

5) Memory corruption (CVE-ID: CVE-2017-9047)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper memory handling by the valid.c source code. A remote attacker can send a specially crafted XML file, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Stack-based buffer overflow (CVE-ID: CVE-2017-9048)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper bounds checking in the valid.c code. A remote attacker can send a specially crafted request, trigger stack-based buffer overflow condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Heap-based buffer over-read (CVE-ID: CVE-2017-9049)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlDictComputeFastKey function of XMLSoft libxml2 due to improper bounds checking in the dict.c code. A remote attacker can send a specially crafted request, trigger heap-based buffer over-read condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Heap-based buffer over-read (CVE-ID: CVE-2017-9050)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlDictAddString function of XMLSoft libxml2 due to improper bounds checking in the dict.c code. A remote attacker can send a specially crafted request, trigger heap-based buffer over-read condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201711-01