[Secure-testing-team] Bug#870870: libxml2: CVE-2017-0663: Heap buffer overflow in xmlAddID

Salvatore Bonaccorso carnil at debian.org
Sat Aug 5 21:01:53 UTC 2017


Source: libxml2
Version: 2.9.1+dfsg1-5
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=780228

Hi,

the following vulnerability was published for libxml2.

CVE-2017-0663[0]:
| A remote code execution vulnerability in libxml2 could enable an
| attacker using a specially crafted file to execute arbitrary code
| within the context of an unprivileged process. This issue is rated as
| High due to the possibility of remote code execution in an application
| that uses this library. Product: Android. Versions: 4.4.4, 5.0.2,
| 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-0663
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
[1] https://bugzilla.gnome.org/show_bug.cgi?id=780228
[2] https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1462225
    https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c2
    https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c3
[4] https://bugzilla.novell.com/show_bug.cgi?id=1044337

Regards,
Salvatore
