Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libxml2-2-2.9.4-46.59.2
Container suse/sles12sp4:latest
libxml2-2-2.9.4-46.59.2
Container suse/sles12sp5:latest
libxml2-2-2.9.4-46.59.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-Azure-BYOS
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-Azure-Basic-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-Azure-HPC-BYOS
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-Azure-HPC-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-Azure-SAP-BYOS
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-Azure-SAP-On-Demand
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-Azure-Standard-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-EC2-BYOS
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-EC2-ECS-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-EC2-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-EC2-SAP-BYOS
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-EC2-SAP-On-Demand
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-GCE-BYOS
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-GCE-On-Demand
libxml2-2-2.9.4-46.59.2
Image SLES12-SP5-GCE-SAP-BYOS
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-GCE-SAP-On-Demand
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libxml2-2-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
SUSE Linux Enterprise Server 12 SP2-BCL
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12 SP3-BCL
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12 SP4-LTSS
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server 12 SP5
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE Linux Enterprise Software Development Kit 12 SP5
libxml2-devel-2.9.4-46.59.2
SUSE OpenStack Cloud 9
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
SUSE OpenStack Cloud Crowbar 9
libxml2-2-2.9.4-46.59.2
libxml2-2-32bit-2.9.4-46.59.2
libxml2-doc-2.9.4-46.59.2
libxml2-tools-2.9.4-46.59.2
python-libxml2-2.9.4-46.59.3
Ссылки
- Link for SUSE-SU-2022:3717-1
- E-Mail link for SUSE-SU-2022:3717-1
- SUSE Security Ratings
- SUSE Bug 1201978
- SUSE Bug 1204366
- SUSE Bug 1204367
- SUSE CVE CVE-2016-3709 page
- SUSE CVE CVE-2022-40303 page
- SUSE CVE CVE-2022-40304 page
Описание
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp4:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.59.2
Ссылки
- CVE-2016-3709
- SUSE Bug 1201978
Описание
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp4:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.59.2
Ссылки
- CVE-2022-40303
- SUSE Bug 1204366
- SUSE Bug 1204807
- SUSE Bug 1205549
- SUSE Bug 1206241
- SUSE Bug 1206248
Описание
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp4:latest:libxml2-2-2.9.4-46.59.2
Container suse/sles12sp5:latest:libxml2-2-2.9.4-46.59.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.59.2
Ссылки
- CVE-2022-40304
- SUSE Bug 1204367
- SUSE Bug 1205069
- SUSE Bug 1205549
- SUSE Bug 1206241
- SUSE Bug 1206248
- SUSE Bug 1208343