advisories/20593.adv

type: security
subject: Updated mxml packages fix security vulnerability
CVE:
 - CVE-2016-4570
 - CVE-2016-4571
src:
  5:
   core:
     - mxml-2.7-6.1.mga5
description: |
  Two stack exhaustion issues based on uncontrolled recursion were found in
  mxml. A maliciously crafted xml file can cause the application to crash.

  * Recursion using mxmlDelete at mxml-node.c:217 (reproducer is
    stack-exhaustion-1.xml CVE-2016-4570).

  * Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is
    stack-exhaustion-2.xml CVE-2016-4571).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20593
 - https://bugzilla.redhat.com/show_bug.cgi?id=1334648
 - https://lists.opensuse.org/opensuse-updates/2017-03/msg00081.html
 - http://seclists.org/oss-sec/2016/q2/276
ID: MGASA-2017-0103
1	type: security
2	subject: Updated mxml packages fix security vulnerability
3	CVE:
4	- CVE-2016-4570
5	- CVE-2016-4571
6	src:
7	5:
8	core:
9	- mxml-2.7-6.1.mga5
10	description: \|
11	Two stack exhaustion issues based on uncontrolled recursion were found in
12	mxml. A maliciously crafted xml file can cause the application to crash.
13
14	* Recursion using mxmlDelete at mxml-node.c:217 (reproducer is
15	stack-exhaustion-1.xml CVE-2016-4570).
16
17	* Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is
18	stack-exhaustion-2.xml CVE-2016-4571).
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=20593
21	- https://bugzilla.redhat.com/show_bug.cgi?id=1334648
22	- https://lists.opensuse.org/opensuse-updates/2017-03/msg00081.html
23	- http://seclists.org/oss-sec/2016/q2/276
24	ID: MGASA-2017-0103