[OE-core] [master][jethro][fido][PATCH] libxslt: CVE-2015-7995

akuster808 akuster808 at gmail.com
Thu Nov 5 20:29:09 UTC 2015 

Ping.

- armin

On 10/29/2015 04:22 PM, Armin Kuster wrote:
> From: Armin Kuster <akuster at mvista.com>
> 
> This is a is being give a High rating so please consider it for
> all 1.1.28 versions.
> 
> A type confusion error within the libxslt "xsltStylePreCompute()"
> function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
> other versions may also be affected.
> 
> Signed-off-by: Armin Kuster <akuster at mvista.com>
> ---
>  .../libxslt/libxslt/CVE-2015-7995.patch            | 33 ++++++++++++++++++++++
>  meta/recipes-support/libxslt/libxslt_1.1.28.bb     |  3 +-
>  2 files changed, 35 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
> 
> diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
> new file mode 100644
> index 0000000..e4d09c2
> --- /dev/null
> +++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
> @@ -0,0 +1,33 @@
> +From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
> +From: Daniel Veillard <veillard at redhat.com>
> +Date: Thu, 29 Oct 2015 19:33:23 +0800
> +Subject: Fix for type confusion in preprocessing attributes
> +
> +CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
> +We need to check that the parent node is an element before dereferencing
> +its namespace
> +
> +Upstream-Status: Backport
> +
> +https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
> +
> +Signed-off-by: Armin Kuster <akuster at mvista.com>
> +
> +---
> + libxslt/preproc.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +Index: libxslt-1.1.28/libxslt/preproc.c
> +===================================================================
> +--- libxslt-1.1.28.orig/libxslt/preproc.c
> ++++ libxslt-1.1.28/libxslt/preproc.c
> +@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st
> + 	} else if (IS_XSLT_NAME(inst, "attribute")) {
> + 	    xmlNodePtr parent = inst->parent;
> + 
> +-	    if ((parent == NULL) || (parent->ns == NULL) ||
> ++	    if ((parent == NULL) ||
> ++	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
> + 		((parent->ns != inst->ns) &&
> + 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
> + 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
> diff --git a/meta/recipes-support/libxslt/libxslt_1.1.28.bb b/meta/recipes-support/libxslt/libxslt_1.1.28.bb
> index 166bcd8..87fabec 100644
> --- a/meta/recipes-support/libxslt/libxslt_1.1.28.bb
> +++ b/meta/recipes-support/libxslt/libxslt_1.1.28.bb
> @@ -10,7 +10,8 @@ DEPENDS = "libxml2"
>  
>  SRC_URI = "ftp://xmlsoft.org/libxslt//libxslt-${PV}.tar.gz \
>             file://pkgconfig_fix.patch \
> -           file://pkgconfig.patch"
> +           file://pkgconfig.patch \
> +           file://CVE-2015-7995.patch"
>  
>  SRC_URI[md5sum] = "9667bf6f9310b957254fdcf6596600b7"
>  SRC_URI[sha256sum] = "5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c"
>

More information about the Openembedded-core mailing list