Описание
Security update for libplist
This update for libplist fixes the following issues:
- CVE-2015-10082: Fixed XXEsecurity vulnerability with XML plists (bsc#1208546).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libplist3-1.12-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libplist3-1.12-20.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libplist++-devel-1.12-20.6.1
libplist++3-1.12-20.6.1
libplist-devel-1.12-20.6.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libplist++3-1.12-20.6.1
Ссылки
- Link for SUSE-SU-2023:0872-1
- E-Mail link for SUSE-SU-2023:0872-1
- SUSE Security Ratings
- SUSE Bug 1208546
- SUSE CVE CVE-2015-10082 page
Описание
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libplist3-1.12-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libplist3-1.12-20.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libplist++-devel-1.12-20.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libplist++3-1.12-20.6.1
Ссылки
- CVE-2015-10082
- SUSE Bug 1208546