Description
Security update for libxml2
This update for libxml2 fixes one issue.
This security issue was fixed:
- CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)
- CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)
- CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
References
- Link for SUSE-SU-2018:0401-1
- E-Mail link for SUSE-SU-2018:0401-1
- SUSE Security Ratings
- SUSE Bug 1077993
- SUSE Bug 1078806
- SUSE Bug 1078813
- SUSE CVE CVE-2016-5131 page
- SUSE CVE CVE-2017-15412 page
- SUSE CVE CVE-2017-5130 page
Description
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Affected products
References
- CVE-2016-5131
- SUSE Bug 1014873
- SUSE Bug 1069433
- SUSE Bug 1078813
- SUSE Bug 1123919
- SUSE Bug 989901
Description
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2017-15412
- SUSE Bug 1071691
- SUSE Bug 1077993
- SUSE Bug 1123129
- SUSE Bug 1123919
Description
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Affected products
References
- CVE-2017-5130
- SUSE Bug 1064066
- SUSE Bug 1064089
- SUSE Bug 1078806
- SUSE Bug 1123129
- SUSE Bug 1123919