Описание
Security update for libxml2
This update for libxml2 fixes the following security issue:
- CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
SUSE Linux Enterprise Desktop 11 SP4
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
SUSE Linux Enterprise Server 11 SP3
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-doc-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
libxml2-x86-2.7.6-0.37.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-doc-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
libxml2-x86-2.7.6-0.37.1
SUSE Linux Enterprise Server 11 SP4
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-doc-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
libxml2-x86-2.7.6-0.37.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-doc-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
libxml2-x86-2.7.6-0.37.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libxml2-2.7.6-0.37.1
libxml2-32bit-2.7.6-0.37.1
libxml2-doc-2.7.6-0.37.1
libxml2-python-2.7.6-0.37.4
libxml2-x86-2.7.6-0.37.1
SUSE Linux Enterprise Software Development Kit 11 SP3
libxml2-devel-2.7.6-0.37.1
libxml2-devel-32bit-2.7.6-0.37.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libxml2-devel-2.7.6-0.37.1
libxml2-devel-32bit-2.7.6-0.37.1
Ссылки
- Link for SUSE-SU-2016:0187-1
- E-Mail link for SUSE-SU-2016:0187-1
- SUSE Security Ratings
- SUSE Bug 960674
- SUSE CVE CVE-2015-8710 page
Описание
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libxml2-2.7.6-0.37.1
SUSE Linux Enterprise Desktop 11 SP3:libxml2-32bit-2.7.6-0.37.1
SUSE Linux Enterprise Desktop 11 SP3:libxml2-python-2.7.6-0.37.4
SUSE Linux Enterprise Desktop 11 SP4:libxml2-2.7.6-0.37.1
Ссылки
- CVE-2015-8710
- SUSE Bug 1123919
- SUSE Bug 960674
- SUSE Bug 969769