diff --git a/backport-CVE-2024-25062.patch b/backport-CVE-2024-25062.patch new file mode 100644 index 0000000000000000000000000000000000000000..88e3e356d2547e7769618ecb9d45243674db2c5d --- /dev/null +++ b/backport-CVE-2024-25062.patch @@ -0,0 +1,29 @@ +From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 14 Oct 2023 22:45:54 +0200 +Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when + backtracking + +Fixes a use-after-free if XML Reader if used with DTD validation and +XInclude expansion. + +Fixes #604. +--- + xmlreader.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/xmlreader.c b/xmlreader.c +index 979385a13..fefd68e0b 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -1443,6 +1443,7 @@ node_found: + * Handle XInclude if asked for + */ + if ((reader->xinclude) && (reader->in_xinclude == 0) && ++ (reader->state != XML_TEXTREADER_BACKTRACK) && + (reader->node != NULL) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->ns != NULL) && +-- +GitLab + diff --git a/libxml2.spec b/libxml2.spec index 287b0dc01987513dbc172e20ba44ac00158470ac..f7737edca7729b0fa33a4bc82e21125f5599eb89 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,7 +1,7 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.9.10 -Release: 36 +Release: 37 License: MIT Group: Development/Libraries Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz @@ -135,6 +135,7 @@ Patch121:backport-Fix-old-SAX1-parser-with-custom-callbacks.patch Patch122:backport-Always-initialize-SAX1-element-handlers.patch Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch Patch124:backport-CVE-2023-45322.patch +Patch125:backport-CVE-2024-25062.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python2-devel @@ -326,7 +327,13 @@ rm -fr %{buildroot} %changelog -* Mon Oct 16 hehuazhen - 2.9.10-35 +* Mon Feb 19 hehuazhen - 2.9.10-37 +- Type:CVE +- CVE:CVE-2024-25062 +- SUG:NA +- DESC:fix CVE-2024-25062 + +* Mon Oct 16 hehuazhen - 2.9.10-36 - Type:CVE - CVE:CVE-2023-45322 - SUG:NA