CVE: CVE-2017-8872

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
External References: https://bugzilla.gnome.org/show_bug.cgi?id=77520 Signed-off-by: Fan Xin <[email protected]> --- .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 23 ++++++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 24 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch new file mode 100644 index 0000000..df05e06 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch @@ -0,0 +1,23 @@ +libxml2-2.9.4: Fix CVE-2017-8872 + +Bug 775200 - (CVE-2017-8872) global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) + - [https://bugzilla.gnome.org/show_bug.cgi?id=775200] + +CVE: CVE-2017-8872 +Upstream-Status: Submitted + +Signed-off-by: Fan Xin <[email protected]> + +Index: libxml2-2.9.4/HTMLparser.c +=================================================================== +--- libxml2-2.9.4.orig/HTMLparser.c ++++ libxml2-2.9.4/HTMLparser.c +@@ -5396,6 +5396,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr c + ctxt->instate = XML_PARSER_EOF; + if ((ctxt->sax) && (ctxt->sax->endDocument != NULL)) + ctxt->sax->endDocument(ctxt->userData); ++ ++ goto done; + } + } + if (avail < 1) diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index ea0d3b8..0b4cbca 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb 
@@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-CVE-2016-4658.patch \ file://libxml2-fix_NULL_pointer_derefs.patch \ file://CVE-2016-9318.patch \ + file://libxml2-CVE-2017-8872.patch \ " SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" -- 1.9.1
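Review bot: the `goto done;` added after the `endDocument` callback in htmlParseTryOrFinish comes with no explanation in the patch header of why leaving the function at this point fixes the over-read reported at HTMLparser.c:5403. Please add a sentence saying what the code after this block (from `if (avail < 1)` onward) does once `ctxt->instate` is already `XML_PARSER_EOF`, and drop the empty added line before the `goto`. `Upstream-Status: Submitted` should also say where the fix was submitted, for example the Bugzilla entry cited just above it. Finally, the patch header links bug 775200 while the commit message's External References URL ends in `id=77520`; the two should point at the same bug.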
