Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

bpo-30610: [Security] Python's libexpat vulnerable to CVE-2016-0718#2021

Closed
matrixise wants to merge 1 commit into
python:masterpython/cpython:masterfrom
matrixise:bpo-30610matrixise/cpython:bpo-30610Copy head branch name to clipboard
Closed

bpo-30610: [Security] Python's libexpat vulnerable to CVE-2016-0718#2021
matrixise wants to merge 1 commit into
python:masterpython/cpython:masterfrom
matrixise:bpo-30610matrixise/cpython:bpo-30610Copy head branch name to clipboard

Conversation

@matrixise

@matrixise matrixise commented Jun 9, 2017

Copy link
Copy Markdown
Member

CVE-2016-0718: Expat allows context-dependent attackers to cause a
denial of service (crash) or possibly execute arbitrary code via a
malformed input document, which triggers a buffer overflow.

https://nvd.nist.gov/vuln/detail/CVE-2016-0718

Upgrade to Expat 2.2.0, which is not vulnerable

https://github.com/libexpat/libexpat/blob/R_2_2_0/expat/Changes

Read the description: https://bugs.python.org/issue30610

@vstinner vstinner added the type-security A security issue label Jun 9, 2017
@vstinner

vstinner commented Jun 9, 2017

Copy link
Copy Markdown
Member

Please add an entry in Misc/NEWS, you may add [Security] prefix in your message.

@matrixise matrixise changed the title bpo-30610: Python's libexpat vulnerable to CVE-2016-0718 bpo-30610: [Security] Python's libexpat vulnerable to CVE-2016-0718 Jun 9, 2017
@matrixise
bpo-30610: [Security] Python's libexpat vulnerable to CVE-2016-0718
d10bccc 
CVE-2016-0718: Expat allows context-dependent attackers to cause a
denial of service (crash) or possibly execute arbitrary code via a
malformed input document, which triggers a buffer overflow.

https://nvd.nist.gov/vuln/detail/CVE-2016-0718

Upgrade to Expat 2.2.0, which is not vulnerable

https://github.com/libexpat/libexpat/blob/R_2_2_0/expat/Changes

Read the description: https://bugs.python.org/issue30610
@matrixise

matrixise commented Jun 9, 2017

Copy link
Copy Markdown
Member Author

@Haypo fixed with Misc/NEWS, please could you review ? thanks

@matrixise

matrixise commented Jun 9, 2017

Copy link
Copy Markdown
Member Author

For the update of this library, just clone the repository and use the tag R_2_2_0
this tag contains the fix for CVE-2016-0718.

now, there is no experts (in https://github.com/python/devguide/blob/master/experts.rst#stdlib) for the xml.parsers.expat module, and in this case, I am not sure about this update, but all the tests passed.

git clone https://github.com/libexpat/libexpat
cd libexpat
git checkout R_2_2_0
cp expat/lib/*.{c,h} ~/cpython/Modules/expat/

@matrixise matrixise mentioned this pull request Jun 13, 2017
Merged
@matrixise

matrixise commented Jun 14, 2017

Copy link
Copy Markdown
Member Author

I close this PR because the PR #2164 of @Haypo has a better solution to this issue.

@matrixise matrixise closed this Jun 14, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type-security A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matrixise @vstinner @the-knights-who-say-ni
Morty Proxy This is a proxified and sanitized view of the page, visit original site.