From 90a8595ed3402daf0d191be8cc0a707c53603b95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 8 Mar 2024 16:39:31 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libxml2 revision 8699663f16a385a3907d565db2b6e539 --- libxml2-CVE-2024-25062.patch | 29 +++++++++++++++++++++++++++++ libxml2.changes | 6 ++++++ libxml2.spec | 4 ++++ 3 files changed, 39 insertions(+) create mode 100644 libxml2-CVE-2024-25062.patch diff --git a/libxml2-CVE-2024-25062.patch b/libxml2-CVE-2024-25062.patch new file mode 100644 index 0000000..75d8f9b --- /dev/null +++ b/libxml2-CVE-2024-25062.patch @@ -0,0 +1,29 @@ +From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 14 Oct 2023 22:45:54 +0200 +Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when + backtracking + +Fixes a use-after-free if XML Reader if used with DTD validation and +XInclude expansion. + +Fixes #604. +--- + xmlreader.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/xmlreader.c b/xmlreader.c +index 3bdb8228..6486c7da 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -1428,6 +1428,7 @@ node_found: + * Handle XInclude if asked for + */ + if ((reader->xinclude) && (reader->in_xinclude == 0) && ++ (reader->state != XML_TEXTREADER_BACKTRACK) && + (reader->node != NULL) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->ns != NULL) && +-- +GitLab + diff --git a/libxml2.changes b/libxml2.changes index 9ae35a9..4c89f57 100644 --- a/libxml2.changes +++ b/libxml2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sat Feb 10 10:56:46 UTC 2024 - David Anes + +- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader + * Added libxml2-CVE-2024-25062.patch + ------------------------------------------------------------------- Thu Nov 16 12:44:37 UTC 2023 - Bjørn Lie diff --git a/libxml2.spec b/libxml2.spec index abebe65..f17aae8 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -51,6 +51,10 @@ Patch3: python312.patch # PATCH-FIX-UPSTREAM CVE-2023-45322 bsc#1216129 # https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 Patch4: libxml2-CVE-2023-45322.patch +# PATCH-FIX-UPSTREAM use-after-free in XMLReader bsc#1219576 david.anes@suse.com +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a66b176055d25ee635bf328c7b35b381db0b71d +Patch5: libxml2-CVE-2024-25062.patch + # ### -- openSUSE patches range from 1000 to 1999 -- ### # PATCH-FIX-OPENSUSE