Package: xmlrpc-c
Version: 1.06.27-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu karmic ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:

  * SECURITY UPDATE: fix DoS via malformed XML
    - debian/patches/CVE-2009-3720.patch: update expat/xmltok/xmltok_impl.c
      to not access beyond end of input string
    - CVE-2009-3720
  * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
    - debian/patches/CVE-2009-3560.patch: update expat/xmlparse/xmlparse.c to
      properly recognize the end of a token
    - CVE-2009-3560

We thought you might be interested in doing the same. Please note that the
patches do include the regression fixes.

Jamie

-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-17-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u xmlrpc-c-1.06.27/debian/changelog xmlrpc-c-1.06.27/debian/changelog
diff -u xmlrpc-c-1.06.27/debian/patches/series xmlrpc-c-1.06.27/debian/patches/series
--- xmlrpc-c-1.06.27/debian/patches/series
+++ xmlrpc-c-1.06.27/debian/patches/series
@@ -3,0 +4,2 @@
+CVE-2009-3720.patch
+CVE-2009-3560.patch
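Review bot: The `diff -u` header for debian/changelog directly above this hunk has no hunk body, so the changelog entry that goes with these two series additions cannot be checked against the patch; please resend with the changelog hunk included. The two new entries are appended after existing line 3 with CVE-2009-3720.patch first; since the patches touch different files (xmltok_impl.c and xmlparse.c) the order is not a problem.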
only in patch2:
unchanged:
--- xmlrpc-c-1.06.27.orig/debian/patches/CVE-2009-3560.patch
+++ xmlrpc-c-1.06.27/debian/patches/CVE-2009-3560.patch
@@ -0,0 +1,19 @@
+Description: DoS via XML document with malformed UTF-8 sequences
+ (CVE_2009_3560)
+Origin: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
+ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
+ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
+
+diff -Nur xmlrpc-c-1.06.27/lib/expat/xmlparse/xmlparse.c xmlrpc-c-1.06.27.new/lib/expat/xmlparse/xmlparse.c
+--- xmlrpc-c-1.06.27/lib/expat/xmlparse/xmlparse.c 2007-01-10 19:08:53.000000000 -0600
++++ xmlrpc-c-1.06.27.new/lib/expat/xmlparse/xmlparse.c 2010-01-26 12:56:33.885170530 -0600
+@@ -2330,6 +2330,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ if (enc != encoding)
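Review bot: The added `case -XML_TOK_PROLOG_S:` has no comment explaining why a negated token value is accepted at this point and flipped back with `tok = -tok;` before falling out of the switch; a one-line comment, or a sentence in the Description, would help the next person who rebases this. The Description also writes the identifier as `CVE_2009_3560` with underscores, while the file name, the series entry and the sibling patch use hyphens; use `CVE-2009-3560` so a search for the id finds this header. Since the Origin field lists both rev1.165 and rev1.166, it would be worth saying in the Description which of the two is the original fix and which is the follow-up.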
only in patch2:
unchanged:
--- xmlrpc-c-1.06.27.orig/debian/patches/CVE-2009-3720.patch
+++ xmlrpc-c-1.06.27/debian/patches/CVE-2009-3720.patch
@@ -0,0 +1,15 @@
+Description: DoS via malformed XML (CVE-2009-3720)
+Origin: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13
+
+diff -Nur xmlrpc-c-1.06.27/lib/expat/xmltok/xmltok_impl.c xmlrpc-c-1.06.27.new/lib/expat/xmltok/xmltok_impl.c
+--- xmlrpc-c-1.06.27/lib/expat/xmltok/xmltok_impl.c 2006-07-11 21:00:38.000000000 -0500
++++ xmlrpc-c-1.06.27.new/lib/expat/xmltok/xmltok_impl.c 2010-01-26 12:55:26.395172892 -0600
+@@ -1737,7 +1737,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
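Review bot: The change from `while (ptr != end)` to `while (ptr < end)` only matters if something in the loop body can move ptr past end in one step, and the `LEAD_CASE(n)` body that would show this is cut off in the context here; please say in the Description which case oversteps, so the reason for `<` is on record. The Origin URL also diffs `r1=1.15&r2=1.13`, which is the reverse direction of the change being applied (the other patch links old to new, `r1=1.164&r2=1.166`); swap the revisions so the link shows the same `!=` to `<` change as this hunk.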