Описание
Security update for expat
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441)
- CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)
Список пакетов
SUSE Linux Enterprise Desktop 12
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 SP1
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Server 12
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Server 12 SP1
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Server for SAP Applications 12
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
expat-2.1.0-17.1
libexpat1-2.1.0-17.1
libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Software Development Kit 12
libexpat-devel-2.1.0-17.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libexpat-devel-2.1.0-17.1
Ссылки
- Link for SUSE-SU-2016:1508-1
- E-Mail link for SUSE-SU-2016:1508-1
- SUSE Security Ratings
- SUSE Bug 979441
- SUSE Bug 980391
- SUSE CVE CVE-2015-1283 page
- SUSE CVE CVE-2016-0718 page
Описание
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Desktop 12:expat-2.1.0-17.1
Ссылки
- CVE-2015-1283
- SUSE Bug 1034050
- SUSE Bug 939077
- SUSE Bug 979441
- SUSE Bug 980391
- SUSE Bug 983985
Описание
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-17.1
SUSE Linux Enterprise Desktop 12:expat-2.1.0-17.1
Ссылки
- CVE-2016-0718
- SUSE Bug 979441
- SUSE Bug 991809