CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-04 16:10:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

libxslt: CVE-2015-7995

Browse Source 
This is a is being give a High rating so please consider it for
all 1.1.28 versions.

A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.

(From OE-Core rev: 2ad0b4dd7262c251f991bbf7826580d89bd6e73a)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster 2015-10-29 16:22:41 -07:00 committed by Richard Purdie
parent dc6630b44b
commit 7e9516cb0e
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch Normal file
View File

@ -0,0 +1,33 @@
From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 29 Oct 2015 19:33:23 +0800
Subject: Fix for type confusion in preprocessing attributes
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
Upstream-Status: Backport
https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
libxslt/preproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: libxslt-1.1.28/libxslt/preproc.c
===================================================================
--- libxslt-1.1.28.orig/libxslt/preproc.c
+++ libxslt-1.1.28/libxslt/preproc.c
@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st
} else if (IS_XSLT_NAME(inst, "attribute")) {
xmlNodePtr parent = inst->parent;
- if ((parent == NULL) || (parent->ns == NULL) ||
+ if ((parent == NULL) ||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
((parent->ns != inst->ns) &&
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {

3
meta/recipes-support/libxslt/libxslt_1.1.28.bb
View File

@ -10,7 +10,8 @@ DEPENDS = "libxml2"
SRC_URI = "ftp://xmlsoft.org/libxslt//libxslt-${PV}.tar.gz \
file://pkgconfig_fix.patch \
file://pkgconfig.patch"
file://pkgconfig.patch \
file://CVE-2015-7995.patch"
SRC_URI[md5sum] = "9667bf6f9310b957254fdcf6596600b7"
SRC_URI[sha256sum] = "5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c"