Overview
Request 956337 accepted
- update to 2.4.6 (bsc#1196168, CVE-2022-25313):
* Bug fixes:
- Fix a regression introduced by the fix for CVE-2022-25313
in release 2.4.5 that affects applications that (1)
call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations
(e.g. "").
- Version info bumped from 9:5:8 to 9:6:8;
see https://verbump.de/ for what these numbers do.
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168,
bsc#1196026, bsc#1196025):
* Security fixes:
- CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
- Created by pmonrealgonzalez
- In state accepted
- Supersedes 956327
Request History
pmonrealgonzalez created request
- update to 2.4.6 (bsc#1196168, CVE-2022-25313):
* Bug fixes:
- Fix a regression introduced by the fix for CVE-2022-25313
in release 2.4.5 that affects applications that (1)
call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations
(e.g. "").
- Version info bumped from 9:5:8 to 9:6:8;
see https://verbump.de/ for what these numbers do.
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168,
bsc#1196026, bsc#1196025):
* Security fixes:
- CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar_suse set openSUSE:Factory:Staging:A as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:A"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:A"
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:A got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:A got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:A got accepted.
Seems to be the candidate to break python
[ 1415s] Traceback (most recent call last): [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/test/test_minidom.py", line 1150, in testEncodings [ 1415s] self.assertRaises(UnicodeDecodeError, parseString, [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/unittest/case.py", line 816, in assertRaises [ 1415s] return context.handle('assertRaises', args, kwargs) [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/unittest/case.py", line 202, in handle [ 1415s] callable_obj(*args, **kwargs) [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/xml/dom/minidom.py", line 1969, in parseString [ 1415s] return expatbuilder.parseString(string) [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/xml/dom/expatbuilder.py", line 925, in parseString [ 1415s] return builder.parseString(string) [ 1415s] File "/home/abuild/rpmbuild/BUILD/Python-3.8.12/Lib/xml/dom/expatbuilder.py", line 223, in parseString [ 1415s] parser.Parse(string, True) [ 1415s] xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 5It's a python bug for anything >=2.4.4:
And here is why the tests fail:
Cc @mcepl
And here is why the tests fail:
We need fixes for all our python 3x interpreters