Описание
Recommended update for libxml2
This update for libxml2 fixes an issue when processing external entities introduced with the fix for CVE-2014-0191.
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libxml2-2.7.6-0.47.1
libxml2-32bit-2.7.6-0.47.1
libxml2-doc-2.7.6-0.47.1
libxml2-python-2.7.6-0.47.3
libxml2-x86-2.7.6-0.47.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libxml2-2.7.6-0.47.1
libxml2-32bit-2.7.6-0.47.1
libxml2-doc-2.7.6-0.47.1
libxml2-python-2.7.6-0.47.3
libxml2-x86-2.7.6-0.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libxml2-devel-2.7.6-0.47.1
libxml2-devel-32bit-2.7.6-0.47.1
Ссылки
- Link for SUSE-RU-2016:2413-1
- E-Mail link for SUSE-RU-2016:2413-1
- SUSE Security Ratings
- SUSE Bug 996079
- SUSE CVE CVE-2014-0191 page
Описание
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libxml2-2.7.6-0.47.1
SUSE Linux Enterprise Server 11 SP4:libxml2-32bit-2.7.6-0.47.1
SUSE Linux Enterprise Server 11 SP4:libxml2-doc-2.7.6-0.47.1
SUSE Linux Enterprise Server 11 SP4:libxml2-python-2.7.6-0.47.3
Ссылки
- CVE-2014-0191
- SUSE Bug 1014873
- SUSE Bug 1123919
- SUSE Bug 876652
- SUSE Bug 877506
- SUSE Bug 996079