Fix CVE-2024-55549 (RHEL-83503)
Resolves: RHEL-83503
This commit is contained in:
David King
parent
c184f96c17
commit
bd7aac166c
45
libxslt-1.1.39-CVE-2024-55549.patch
Normal file
45
libxslt-1.1.39-CVE-2024-55549.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From 7f24858ae0f26e610a5a9a6f2a216fa6469c52d1 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Thu, 5 Dec 2024 12:43:19 +0100
|
||||
Subject: [PATCH] [CVE-2024-55549] Fix UAF related to excluded namespaces
|
||||
|
||||
Definitions of excluded namespaces could be deleted in
|
||||
xsltParseTemplateContent. Store excluded namespace URIs in the
|
||||
stylesheet's dictionary instead of referencing the namespace definition.
|
||||
|
||||
Thanks to Ivan Fratric for the report!
|
||||
|
||||
Fixes #127.
|
||||
---
|
||||
libxslt/xslt.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
|
||||
index 39a700b0..9a081cd1 100644
|
||||
--- a/libxslt/xslt.c
|
||||
+++ b/libxslt/xslt.c
|
||||
@@ -147,10 +147,20 @@ xsltParseContentError(xsltStylesheetPtr style,
|
||||
* in case of error
|
||||
*/
|
||||
static int
|
||||
-exclPrefixPush(xsltStylesheetPtr style, xmlChar * value)
|
||||
+exclPrefixPush(xsltStylesheetPtr style, xmlChar * orig)
|
||||
{
|
||||
+ xmlChar *value;
|
||||
int i;
|
||||
|
||||
+ /*
|
||||
+ * orig can come from a namespace definition on a node which
|
||||
+ * could be deleted later, for example in xsltParseTemplateContent.
|
||||
+ * Store the string in stylesheet's dict to avoid use after free.
|
||||
+ */
|
||||
+ value = (xmlChar *) xmlDictLookup(style->dict, orig, -1);
|
||||
+ if (value == NULL)
|
||||
+ return(-1);
|
||||
+
|
||||
/* do not push duplicates */
|
||||
for (i = 0;i < style->exclPrefixNr;i++) {
|
||||
if (xmlStrEqual(style->exclPrefixTab[i], value))
|
||||
--
|
||||
2.49.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Name: libxslt
|
||||
Summary: Library providing the Gnome XSLT engine
|
||||
Version: 1.1.39
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
|
||||
License: MIT
|
||||
URL: https://gitlab.gnome.org/GNOME/libxslt
|
||||
@ -21,6 +21,8 @@ BuildRequires: python3-devel
|
||||
Patch0: multilib.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1467435
|
||||
Patch1: multilib2.patch
|
||||
# https://issues.redhat.com/browse/RHEL-83503
|
||||
Patch2: libxslt-1.1.39-CVE-2024-55549.patch
|
||||
|
||||
%description
|
||||
This C library allows to transform XML files into other XML files
|
||||
@ -134,6 +136,9 @@ rm -vrf %{buildroot}%{_docdir}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Apr 04 2025 David King <dking@redhat.com> - 1.1.39-7
|
||||
- Fix CVE-2024-55549 (RHEL-83503)
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.1.39-6
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
Loading…
Reference in New Issue
Block a user