20 Aug 20:48
Fwd: [xml] Security fix for libxml2
From: Stefan Behnel <stefan_ml <at> behnel.de>
Subject: Fwd: [xml] Security fix for libxml2
Newsgroups: gmane.comp.python.lxml.devel
Date: 2008-08-20 18:50:26 GMT
Subject: Fwd: [xml] Security fix for libxml2
Newsgroups: gmane.comp.python.lxml.devel
Date: 2008-08-20 18:50:26 GMT
FYI -------- Original-Message -------- Subject: [xml] Security fix for libxml2 Date: Wed, 20 Aug 2008 19:00:51 +0200 From: Daniel Veillard <veillard <at> redhat.com> To: xml <at> gnome.org Bad news, when checking against recursive entities expansion problem back when it was made official (c.f. the billion laught attack circa 2004) I had checked for the normal recursion, but when happening in an attribute value the resource consumption is way faster and the recursion detection in place is not sufficient to catch the problem. Basically when this happen within an attribute just checking for a recursion depth is not sufficient, and the only good method I could find was to count the number of entities replacement taking place while parsing a given document, and drop parsing after half a million substitution. I think it's a fair default process and what the patches below implements for various libxml2 versions, but i can understand that in some case that may be problematic. So i intend in the next release (2.7.0 hopefully available soon) to add a parser flag removing the hardcoded limits (there is also a maximum document depth in place). Distributions have been made aware of the problem for a couple of weeks and updates should be available soon from normal update channels I'm updating SVN with the fix too, Daniel(Continue reading)
RSS Feed