Description
Security update for libyang
This update for libyang fixes the following issues:
- CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP3
libyang-extentions-1.0.184-150300.3.3.1
libyang1-1.0.184-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libyang-extentions-1.0.184-150300.3.3.1
libyang1-1.0.184-150300.3.3.1
openSUSE Leap 15.3
libyang-cpp-devel-1.0.184-150300.3.3.1
libyang-cpp1-1.0.184-150300.3.3.1
libyang-devel-1.0.184-150300.3.3.1
libyang-doc-1.0.184-150300.3.3.1
libyang-extentions-1.0.184-150300.3.3.1
libyang1-1.0.184-150300.3.3.1
python3-yang-1.0.184-150300.3.3.1
yang-tools-1.0.184-150300.3.3.1
openSUSE Leap 15.4
libyang-cpp-devel-1.0.184-150300.3.3.1
libyang-cpp1-1.0.184-150300.3.3.1
libyang-devel-1.0.184-150300.3.3.1
libyang-doc-1.0.184-150300.3.3.1
libyang-extentions-1.0.184-150300.3.3.1
libyang1-1.0.184-150300.3.3.1
python3-yang-1.0.184-150300.3.3.1
yang-tools-1.0.184-150300.3.3.1
References
- Link for SUSE-SU-2022:2922-1
- E-Mail link for SUSE-SU-2022:2922-1
- SUSE Security Ratings
- SUSE Bug 1186377
- SUSE CVE CVE-2021-28905 page
Description
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:libyang-extentions-1.0.184-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libyang1-1.0.184-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:libyang-extentions-1.0.184-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:libyang1-1.0.184-150300.3.3.1
References
- CVE-2021-28905
- SUSE Bug 1186377