Commit f2241320 authored by William Blough

Fix CVE-2017-12627

Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
  Offensive Research discovered that the Xerces-C XML parser mishandles
  certain kinds of external DTD references, resulting in dereference of a
  NULL pointer while processing the path to the DTD. The bug allows for a
  denial of service attack in applications that allow DTD processing and do
  not prevent external DTD usage, and could conceivably result in remote code
  execution.
parent 9ca0e1e6
xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
-- William Blough <devel@blough.us> Thu, 26 Apr 2018 00:28:32 -0400
xerces-c (3.1.1-5.1+deb8u3) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
......
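Review bot: the new 3.1.1-5.1+deb8u4 entry targets `jessie` with `urgency=medium`, while the deb8u3 entry directly below it used `jessie-security` with `urgency=high`, and the entry does not say why a CVE fix is going to a different suite at a lower urgency. Please confirm the target distribution is intentional and state it in the entry if so. The entry would also be easier to audit if it named the patch file it adds (CVE-2017-12627.patch) rather than only describing the vulnerability.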
From: Markus Koschany <apo@debian.org>
Date: Thu, 29 Mar 2018 20:58:48 +0200
Subject: CVE-2017-12627
Origin: https://svn.apache.org/viewvc?view=revision&revision=1819998
Upstream-Advisory: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
---
src/xercesc/util/PlatformUtils.cpp | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/xercesc/util/PlatformUtils.cpp b/src/xercesc/util/PlatformUtils.cpp
index eee1dc5..39c71ac 100644
--- a/src/xercesc/util/PlatformUtils.cpp
+++ b/src/xercesc/util/PlatformUtils.cpp
@@ -920,7 +920,10 @@ XMLCh* XMLPlatformUtils::weavePaths(const XMLCh* const basePath
XMLString::subString(tmpBuf, basePath, 0, (basePtr - basePath + 1), manager);
tmpBuf[basePtr - basePath + 1] = 0;
- XMLString::catString(tmpBuf, relativePath);
+ if (relativePath)
+ {
+ XMLString::catString(tmpBuf, relativePath);
+ }
removeDotSlash(tmpBuf, manager);
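Review bot: the `if (relativePath)` guard added in `weavePaths` protects only the `XMLString::catString(tmpBuf, relativePath)` call, and nothing in the hunk shows whether `relativePath` is used elsewhere in the function or under what input it is NULL. Please confirm that no other use of `relativePath` in `weavePaths` can dereference NULL, and add a one-line comment above the check noting that a NULL `relativePath` leaves `tmpBuf` holding only the prefix copied from `basePath` before `removeDotSlash` runs. The patch header's Subject is only the CVE id; a short phrase describing the change would make the series easier to read.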
......@@ -4,3 +4,4 @@ CVE-2016-0729.patch
CVE-2016-2099.patch
CVE-2016-4463.patch
disable-DTD-processing-through-envvariable.patch
CVE-2017-12627.patch