Описание
Security update for netcdf
This update for netcdf fixes the following issues:
- Fixed multiple vulnerabilities in ezXML:
CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202,
CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221,
CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,
CVE-2021-31348, CVE-2021-31598 (bsc#1191856)
Note:
- CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used.
- CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream.
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
Ссылки
- Link for SUSE-SU-2021:3815-1
- E-Mail link for SUSE-SU-2021:3815-1
- SUSE Security Ratings
- SUSE Bug 1191856
- SUSE CVE CVE-2019-20005 page
- SUSE CVE CVE-2019-20006 page
- SUSE CVE CVE-2019-20007 page
- SUSE CVE CVE-2019-20198 page
- SUSE CVE CVE-2019-20199 page
- SUSE CVE CVE-2019-20200 page
- SUSE CVE CVE-2019-20201 page
- SUSE CVE CVE-2019-20202 page
- SUSE CVE CVE-2021-26220 page
- SUSE CVE CVE-2021-26221 page
- SUSE CVE CVE-2021-26222 page
- SUSE CVE CVE-2021-30485 page
- SUSE CVE CVE-2021-31229 page
- SUSE CVE CVE-2021-31347 page
- SUSE CVE CVE-2021-31348 page
- SUSE CVE CVE-2021-31598 page
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
Затронутые продукты
Ссылки
- CVE-2019-20005
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
Затронутые продукты
Ссылки
- CVE-2019-20006
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
Затронутые продукты
Ссылки
- CVE-2019-20007
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
Затронутые продукты
Ссылки
- CVE-2019-20198
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
Затронутые продукты
Ссылки
- CVE-2019-20199
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
Затронутые продукты
Ссылки
- CVE-2019-20200
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
Затронутые продукты
Ссылки
- CVE-2019-20201
- SUSE Bug 1191856
Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
Затронутые продукты
Ссылки
- CVE-2019-20202
- SUSE Bug 1191856
Описание
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Затронутые продукты
Ссылки
- CVE-2021-26220
- SUSE Bug 1191856
Описание
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Затронутые продукты
Ссылки
- CVE-2021-26221
- SUSE Bug 1191856
Описание
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Затронутые продукты
Ссылки
- CVE-2021-26222
- SUSE Bug 1191856
Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
Затронутые продукты
Ссылки
- CVE-2021-30485
- SUSE Bug 1191856
Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
Затронутые продукты
Ссылки
- CVE-2021-31229
- SUSE Bug 1191856
Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
Затронутые продукты
Ссылки
- CVE-2021-31347
- SUSE Bug 1191856
Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
Затронутые продукты
Ссылки
- CVE-2021-31348
- SUSE Bug 1191856
Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2021-31598
- SUSE Bug 1191856