SUSE-SU-2016:0178-1

Опубликовано: 20 янв. 2016

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following security issue:

CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674)

Список пакетов

SUSE Linux Enterprise Desktop 12

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Desktop 12 SP1

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Server 12

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-doc-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Server 12 SP1

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-doc-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Server for SAP Applications 12

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-doc-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libxml2-2-2.9.1-17.1

libxml2-2-32bit-2.9.1-17.1

libxml2-doc-2.9.1-17.1

libxml2-tools-2.9.1-17.1

python-libxml2-2.9.1-17.1

SUSE Linux Enterprise Software Development Kit 12

libxml2-devel-2.9.1-17.1

SUSE Linux Enterprise Software Development Kit 12 SP1

libxml2-devel-2.9.1-17.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160178-1/
Link for SUSE-SU-2016:0178-1
https://lists.suse.com/pipermail/sle-security-updates/2016-January/001814.html
E-Mail link for SUSE-SU-2016:0178-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/960674
SUSE Bug 960674
https://www.suse.com/security/cve/CVE-2015-8710/
SUSE CVE CVE-2015-8710 page

Описание

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-17.1

SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-17.1

SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-17.1

SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-17.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8710.html
CVE-2015-8710
https://bugzilla.suse.com/1123919
SUSE Bug 1123919
https://bugzilla.suse.com/960674
SUSE Bug 960674
https://bugzilla.suse.com/969769
SUSE Bug 969769

SUSE-SU-2016:0178-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12

SUSE Linux Enterprise Desktop 12 SP1

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Software Development Kit 12 SP1

Ссылки

Уязвимость: CVE-2015-8710

Описание

Затронутые продукты

Ссылки