Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240)
- CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP3
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Server 12 SP2
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Server 12 SP3
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
expat-2.1.0-21.3.1
libexpat1-2.1.0-21.3.1
libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libexpat-devel-2.1.0-21.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libexpat-devel-2.1.0-21.3.1
Ссылки
- Link for SUSE-SU-2017:2299-1
- E-Mail link for SUSE-SU-2017:2299-1
- SUSE Security Ratings
- SUSE Bug 1047236
- SUSE Bug 1047240
- SUSE CVE CVE-2016-9063 page
- SUSE CVE CVE-2017-9233 page
Описание
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP3:expat-2.1.0-21.3.1
Ссылки
- CVE-2016-9063
- SUSE Bug 1009026
- SUSE Bug 1010424
- SUSE Bug 1047240
- SUSE Bug 1123115
Описание
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-21.3.1
SUSE Linux Enterprise Desktop 12 SP3:expat-2.1.0-21.3.1
Ссылки
- CVE-2017-9233
- SUSE Bug 1030296
- SUSE Bug 1047236
- SUSE Bug 1073350
- SUSE Bug 1123115
- SUSE Bug 983216