Описание
Security update for libxml2
This update for libxml2 fixes the following security issues:
- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549],
- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion counter.
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
Ссылки
- Link for SUSE-SU-2016:1604-1
- E-Mail link for SUSE-SU-2016:1604-1
- SUSE Security Ratings
- SUSE Bug 963963
- SUSE Bug 965283
- SUSE Bug 978395
- SUSE Bug 981040
- SUSE Bug 981041
- SUSE Bug 981108
- SUSE Bug 981109
- SUSE Bug 981111
- SUSE Bug 981112
- SUSE Bug 981114
- SUSE Bug 981115
- SUSE Bug 981548
- SUSE Bug 981549
- SUSE Bug 981550
- SUSE CVE CVE-2015-8806 page
- SUSE CVE CVE-2016-1762 page
- SUSE CVE CVE-2016-1833 page
Описание
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
Затронутые продукты
Ссылки
- CVE-2015-8806
- SUSE Bug 963963
- SUSE Bug 965283
- SUSE Bug 981114
Описание
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1762
- SUSE Bug 1123919
- SUSE Bug 981040
Описание
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1833
- SUSE Bug 1123919
- SUSE Bug 981108
Описание
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1834
- SUSE Bug 1123919
- SUSE Bug 981041
Описание
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1835
- SUSE Bug 1123919
- SUSE Bug 981109
Описание
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1837
- SUSE Bug 1123919
- SUSE Bug 981111
Описание
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1838
- SUSE Bug 1123919
- SUSE Bug 981112
Описание
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1839
- SUSE Bug 1039069
- SUSE Bug 1039661
- SUSE Bug 1069433
- SUSE Bug 1069690
- SUSE Bug 1123919
- SUSE Bug 963963
- SUSE Bug 981114
Описание
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-1840
- SUSE Bug 1123919
- SUSE Bug 981115
Описание
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
Затронутые продукты
Ссылки
- CVE-2016-2073
- SUSE Bug 963963
Описание
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
Затронутые продукты
Ссылки
- CVE-2016-3705
- SUSE Bug 1017497
- SUSE Bug 1123919
- SUSE Bug 975947
Описание
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Затронутые продукты
Ссылки
- CVE-2016-4447
- SUSE Bug 1123919
- SUSE Bug 981548
Описание
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-4448
- SUSE Bug 1010299
- SUSE Bug 1123919
- SUSE Bug 981549
Описание
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-4449
- SUSE Bug 1123919
- SUSE Bug 981550
Описание
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
Затронутые продукты
Ссылки
- CVE-2016-4483
- SUSE Bug 1026101
- SUSE Bug 1123919
- SUSE Bug 978395