Fix CVE-2025-49796 (RHEL-96421)
Resolves: RHEL-96421
parent
24ab95fa12
commit
37a7275bd4
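--- a/libxml2-2.12.5-CVE-2025-49796.patch
+++ b/libxml2-2.12.5-CVE-2025-49796.patch
@@ -0,0 +1,40 @@
+From 12ef9e5bb7b4bf4f901a2a34b6609a908b1544af Mon Sep 17 00:00:00 2001
+From: David King <dking@redhat.com>
+Date: Wed, 2 Jul 2025 13:56:53 +0100
+Subject: [PATCH] Fix CVE-2025-49796
+
+Fix for type confusion in CVE-2025-49796, for the specific case
+mentioned in the vulnerability report. A more general fix should be
+applied in the future, after upstream review.
+
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
+---
+schematron.c | 5 ++++-
+1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/schematron.c b/schematron.c
+index ba7fa56c..47f97c04 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -26,6 +26,7 @@
+#ifdef LIBXML_SCHEMATRON_ENABLED
+
+#include <stdlib.h>
++#include <stdint.h>
+#include <string.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+@@ -1442,7 +1443,9 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+xmlFree(path);
+}
+
+- if ((node->ns == NULL) || (node->ns->prefix == NULL))
++ if ((node == NULL) || (node->ns == NULL)
++ || ((uintptr_t)node->ns == (uintptr_t)-1) // Check for 0xffffffffffffffff
++ || (node->ns->prefix == NULL))
+ret = xmlStrcat(ret, node->name);
+else {
+ret = xmlStrcat(ret, node->ns->prefix);
+--
+2.49.0
+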
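Review bot: The added `node == NULL` term in the rewritten condition selects the branch `ret = xmlStrcat(ret, node->name);`, which itself dereferences `node`, so a NULL node would still fault there; it needs its own early path before this `if` rather than a term in the same condition. The sentinel comparison `(uintptr_t)node->ns == (uintptr_t)-1` covers only the single value from the report, as the commit message acknowledges, so any other non-element node whose storage at the `ns` offset is non-NULL would still reach `node->ns->prefix`. A type test such as `(node->type != XML_ELEMENT_NODE && node->type != XML_ATTRIBUTE_NODE)` in place of the sentinel term would reject those nodes before `ns` is read, assuming the selected node can be of any node type at this point. The comment `// Check for 0xffffffffffffffff` should instead say why that value can appear in `ns` and that the constant is pointer-width dependent. The body of xmlSchematronFormatReport starts and ends outside the hunk.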
@ -30,6 +30,8 @@ Patch5: libxml2-2.12.5-CVE-2025-6021.patch
|
||||
Patch6: libxml2-2.12.5-CVE-2025-49794.patch
|
||||
# https://issues.redhat.com/browse/RHEL-96408
|
||||
Patch7: libxml2-2.12.5-CVE-2025-49795.patch
|
||||
# https://issues.redhat.com/browse/RHEL-96421
|
||||
Patch8: libxml2-2.12.5-CVE-2025-49796.patch
|
||||
|
||||
BuildRequires: cmake-rpm-macros
|
||||
BuildRequires: gcc
|
||||
@ -174,6 +176,7 @@ popd
|
||||
- Fix CVE-2025-6021 (RHEL-96495)
|
||||
- Fix CVE-2025-49794 (RHEL-96395)
|
||||
- Fix CVE-2025-49795 (RHEL-96408)
|
||||
- Fix CVE-2025-49796 (RHEL-96421)
|
||||
|
||||
* Mon Feb 24 2025 David King <dking@redhat.com> - 2.12.5-5
|
||||
- Fix CVE-2024-56171 (RHEL-80119)
|
||||
|
||||