Fix CVE-2025-6021 (RHEL-96507)
Resolves: RHEL-96507
This commit is contained in:
David King
parent
fe82a7d33c
commit
1606e10e41
49
libxml2-2.9.13-CVE-2025-6021.patch
Normal file
49
libxml2-2.9.13-CVE-2025-6021.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From 1256dce1c2c928e1436a7e8bd8b40113099383c8 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Tue, 27 May 2025 12:53:17 +0200
|
||||
Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName
|
||||
|
||||
This issue affects memory safety and might receive a CVE ID later.
|
||||
|
||||
Fixes #926.
|
||||
---
|
||||
tree.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/tree.c b/tree.c
|
||||
index 86afb7d6..3b0d0397 100644
|
||||
--- a/tree.c
|
||||
+++ b/tree.c
|
||||
@@ -20,6 +20,7 @@
|
||||
|
||||
#include <string.h> /* for memset() only ! */
|
||||
#include <stddef.h>
|
||||
+#include <stdint.h>
|
||||
#include <limits.h>
|
||||
#ifdef HAVE_CTYPE_H
|
||||
#include <ctype.h>
|
||||
@@ -222,16 +223,18 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) {
|
||||
xmlChar *
|
||||
xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
|
||||
xmlChar *memory, int len) {
|
||||
- int lenn, lenp;
|
||||
+ size_t lenn, lenp;
|
||||
xmlChar *ret;
|
||||
|
||||
- if (ncname == NULL) return(NULL);
|
||||
+ if ((ncname == NULL) || (len < 0)) return(NULL);
|
||||
if (prefix == NULL) return((xmlChar *) ncname);
|
||||
|
||||
lenn = strlen((char *) ncname);
|
||||
lenp = strlen((char *) prefix);
|
||||
+ if (lenn >= SIZE_MAX - lenp - 1)
|
||||
+ return(NULL);
|
||||
|
||||
- if ((memory == NULL) || (len < lenn + lenp + 2)) {
|
||||
+ if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) {
|
||||
ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2);
|
||||
if (ret == NULL) {
|
||||
xmlTreeErrMemory("building QName");
|
||||
--
|
||||
2.49.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libxml2
|
||||
Version: 2.9.13
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
Summary: Library providing XML and HTML support
|
||||
|
||||
License: MIT
|
||||
@ -30,6 +30,8 @@ Patch10: libxml2-2.9.13-CVE-2022-49043.patch
|
||||
Patch11: libxml2-2.9.13-CVE-2024-56171.patch
|
||||
# https://issues.redhat.com/browse/RHEL-80142
|
||||
Patch12: libxml2-2.9.13-CVE-2025-24928.patch
|
||||
# https://issues.redhat.com/browse/RHEL-96507
|
||||
Patch13: libxml2-2.9.13-CVE-2025-6021.patch
|
||||
|
||||
BuildRequires: cmake-rpm-macros
|
||||
BuildRequires: gcc
|
||||
@ -158,6 +160,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
|
||||
%{python3_sitearch}/libxml2mod.so
|
||||
|
||||
%changelog
|
||||
* Mon Jun 16 2025 David King <dking@redhat.com> - 2.9.13-10
|
||||
- Fix CVE-2025-6021 (RHEL-96507)
|
||||
|
||||
* Wed Feb 26 2025 David King <dking@redhat.com> - 2.9.13-9
|
||||
- Fix CVE-2025-24928 (RHEL-80142)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user