Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: libxml security fix from apple ... any information?
From: Billy Rios <billy.rios () gmail com>
Date: Thu, 28 Jul 2011 21:59:22 -0700

The crash was indeed in libxml2, but I could not get the bug to repro in
Linux.  We took the crash file and fuzzed a bit more on Linux, but no
crashes were observed.

BK


On Thu, Jul 28, 2011 at 6:22 AM, Marcus Meissner <meissner () suse de> wrote:

Hi folks, Billy, Daniel,

On
http://support.apple.com/kb/HT4808
there is a libxml security issue listed:

-----------------------------------------
libxml

Available for: Windows 7, Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution

Description: A one-byte heap buffer overflow existed in libxml's handling
of XML data. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0216 : Billy Rios of the Google Security Team
-----------------------------------------

I suspect this is libxml2 and it likely also affects Linux?

If this is correct, could you identify the commit fixing this issue?

Ciao, Marcus


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault