code.ossystems Code Review - openembedded-core.git/commit

author	Sinan Kaya <okaya@kernel.org>
	Fri, 5 Oct 2018 00:39:07 +0000 (00:39 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 18 Oct 2018 10:08:45 +0000 (11:08 +0100)
commit	06d7f9039b005c2112e28336ac1c30e5120ec815
tree	f46361933b2af9e302cd724514b24b759320e984	tree \| snapshot
parent	759290ed5fedc1ce10639b3584d4532d688ea714	commit \| diff

libxml2: CVE-2018-14404

* CVE-2018-14404
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval()
function of libxml2 when parsing invalid XPath expression. Applications processing
untrusted XSL format inputs with the use of libxml2 library may be vulnerable to
denial of service attack due to crash of the application.

Affects libxml <= 2.9.8

CVE: CVE-2018-14404
Ref: https://access.redhat.com/security/cve/cve-2018-14404

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-core/libxml/libxml2/CVE-2018-14404.patch	[new file with mode: 0644]	blob
meta/recipes-core/libxml/libxml2_2.9.7.bb		diff \| blob \| history