Описание
Security update for xmltooling
This update for xmltooling fixes the following issue:
Security issue fixed:
- CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537).
Список пакетов
SUSE Linux Enterprise Server 12 SP3
libxmltooling6-1.5.6-3.9.1
xmltooling-schemas-1.5.6-3.9.1
SUSE Linux Enterprise Server 12 SP4
libxmltooling6-1.5.6-3.9.1
xmltooling-schemas-1.5.6-3.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libxmltooling6-1.5.6-3.9.1
xmltooling-schemas-1.5.6-3.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libxmltooling6-1.5.6-3.9.1
xmltooling-schemas-1.5.6-3.9.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libxmltooling-devel-1.5.6-3.9.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libxmltooling-devel-1.5.6-3.9.1
Ссылки
- Link for SUSE-SU-2019:0928-1
- E-Mail link for SUSE-SU-2019:0928-1
- SUSE Security Ratings
- SUSE Bug 1129537
- SUSE CVE CVE-2019-9628 page
Описание
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:libxmltooling6-1.5.6-3.9.1
SUSE Linux Enterprise Server 12 SP3:xmltooling-schemas-1.5.6-3.9.1
SUSE Linux Enterprise Server 12 SP4:libxmltooling6-1.5.6-3.9.1
SUSE Linux Enterprise Server 12 SP4:xmltooling-schemas-1.5.6-3.9.1
Ссылки
- CVE-2019-9628
- SUSE Bug 1129537