Description
Security update for Xerces-c
This update for Xerces-c fixes the following issues:
- CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630).
- CVE-2016-4463: Prevent stack-based buffer overflow that allowed context-dependent attackers to cause a denial of service via a deeply nested DTD (bsc#985860).
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
Xerces-c-2.8.0-29.17.5.1
libXerces-c-devel-2.8.0-29.17.5.1
libXerces-c28-2.8.0-29.17.5.1
References
- Link for SUSE-SU-2018:3277-1
- E-Mail link for SUSE-SU-2018:3277-1
- SUSE Security Ratings
- SUSE Bug 1083630
- SUSE Bug 985860
- SUSE CVE CVE-2016-4463 page
- SUSE CVE CVE-2017-12627 page
Description
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Affected products
SUSE Linux Enterprise Software Development Kit 11 SP4:Xerces-c-2.8.0-29.17.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libXerces-c-devel-2.8.0-29.17.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libXerces-c28-2.8.0-29.17.5.1
References
- CVE-2016-4463
- SUSE Bug 985860
Description
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Affected products
SUSE Linux Enterprise Software Development Kit 11 SP4:Xerces-c-2.8.0-29.17.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libXerces-c-devel-2.8.0-29.17.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libXerces-c28-2.8.0-29.17.5.1
References
- CVE-2017-12627
- SUSE Bug 1083630