Description
Security update for libxml2
This update for libxml2 fixes the following issues:
Security issues fixed:
- CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337)
- CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
Links
- Link for SUSE-SU-2017:1670-1
- E-Mail link for SUSE-SU-2017:1670-1
- SUSE Security Ratings
- SUSE Bug 1024989
- SUSE Bug 1044337
- SUSE CVE CVE-2017-0663 page
- SUSE CVE CVE-2017-5969 page
Description
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
Affected products
Links
- CVE-2017-0663
- SUSE Bug 1044337
- SUSE Bug 1123919
Description
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
Affected products
Links
- CVE-2017-5969
- SUSE Bug 1024989
- SUSE Bug 1123919