SUSE-SU-2017:1813-1

Published: 07 Jul 2017
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

Security issues fixed:

  • CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337)
  • CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989)
  • CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894)
  • CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887)

Package list

SUSE Linux Enterprise Server 11 SP4
libxml2-2.7.6-0.76.1
libxml2-32bit-2.7.6-0.76.1
libxml2-doc-2.7.6-0.76.1
libxml2-python-2.7.6-0.76.4
libxml2-x86-2.7.6-0.76.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libxml2-2.7.6-0.76.1
libxml2-32bit-2.7.6-0.76.1
libxml2-doc-2.7.6-0.76.1
libxml2-python-2.7.6-0.76.4
libxml2-x86-2.7.6-0.76.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libxml2-devel-2.7.6-0.76.1
libxml2-devel-32bit-2.7.6-0.76.1

Description

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.


Affected products
SUSE Linux Enterprise Server 11 SP4:libxml2-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-32bit-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-doc-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-python-2.7.6-0.76.4


Description

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."


Affected products
SUSE Linux Enterprise Server 11 SP4:libxml2-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-32bit-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-doc-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-python-2.7.6-0.76.4


Description

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).


Affected products
SUSE Linux Enterprise Server 11 SP4:libxml2-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-32bit-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-doc-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-python-2.7.6-0.76.4


Description

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.


Affected products
SUSE Linux Enterprise Server 11 SP4:libxml2-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-32bit-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-doc-2.7.6-0.76.1
SUSE Linux Enterprise Server 11 SP4:libxml2-python-2.7.6-0.76.4
