SUSE-SU-2023:2048-1

Опубликовано: 26 апр. 2023

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:
Added W3C conformance tests to the testsuite (bsc#1204585).
Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) .

Список пакетов

Container caasp/v4/cilium-operator:1.6.6

libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/cilium:1.6.6

libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/helm-tiller:2.16.12

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/grafana:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/haproxy:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/keepalived:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/prometheus-alertmanager:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/prometheus-node-exporter:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/prometheus-server:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/cephcsi:latest

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/rook/ceph:latest

libxml2-2-2.9.7-150000.3.57.1

Container suse/ltss/sle15.3/bci-base:latest

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle-micro-rancher/5.2:latest

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle-micro/5.1/toolbox:latest

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle-micro/5.2/toolbox:latest

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle15:15.1

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle15:15.2

libxml2-2-2.9.7-150000.3.57.1

Container suse/sle15:15.3

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP2-HPC-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-Azure

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP2-SAP-GCE

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-CHOST-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-CHOST-BYOS-EC2

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-CHOST-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-HPC-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-HPC-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAP-BYOS-Azure

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAP-BYOS-GCE

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAPCAL-Azure

libxml2-2-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libxml2-2-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

Image SLES15-SP3-SAPCAL-GCE

libxml2-2-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

SUSE Enterprise Storage 7

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Enterprise Storage 7.1

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Micro 5.1

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

SUSE Linux Enterprise Micro 5.2

libxml2-2-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Real Time 15 SP3

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server 15 SP3-LTSS

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Manager Proxy 4.2

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

SUSE Manager Server 4.2

libxml2-2-2.9.7-150000.3.57.1

libxml2-2-32bit-2.9.7-150000.3.57.1

libxml2-devel-2.9.7-150000.3.57.1

libxml2-tools-2.9.7-150000.3.57.1

python2-libxml2-python-2.9.7-150000.3.57.1

python3-libxml2-python-2.9.7-150000.3.57.1

openSUSE Leap 15.4

python3-libxml2-python-2.9.7-150000.3.57.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232048-1/
Link for SUSE-SU-2023:2048-1
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014596.html
E-Mail link for SUSE-SU-2023:2048-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1065270
SUSE Bug 1065270
https://bugzilla.suse.com/1199132
SUSE Bug 1199132
https://bugzilla.suse.com/1204585
SUSE Bug 1204585
https://bugzilla.suse.com/1210411
SUSE Bug 1210411
https://bugzilla.suse.com/1210412
SUSE Bug 1210412
https://www.suse.com/security/cve/CVE-2021-3541/
SUSE CVE CVE-2021-3541 page
https://www.suse.com/security/cve/CVE-2022-29824/
SUSE CVE CVE-2022-29824 page
https://www.suse.com/security/cve/CVE-2023-28484/
SUSE CVE CVE-2023-28484 page
https://www.suse.com/security/cve/CVE-2023-29469/
SUSE CVE CVE-2023-29469 page

Описание

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Затронутые продукты

Container caasp/v4/cilium-operator:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/cilium:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/helm-tiller:2.16.12:libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/grafana:latest:libxml2-2-2.9.7-150000.3.57.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3541.html
CVE-2021-3541
https://bugzilla.suse.com/1186015
SUSE Bug 1186015

Описание

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Затронутые продукты

Container caasp/v4/cilium-operator:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/cilium:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/helm-tiller:2.16.12:libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/grafana:latest:libxml2-2-2.9.7-150000.3.57.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-29824.html
CVE-2022-29824
https://bugzilla.suse.com/1199132
SUSE Bug 1199132
https://bugzilla.suse.com/1202878
SUSE Bug 1202878
https://bugzilla.suse.com/1204121
SUSE Bug 1204121
https://bugzilla.suse.com/1204131
SUSE Bug 1204131
https://bugzilla.suse.com/1205069
SUSE Bug 1205069

Описание

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Затронутые продукты

Container caasp/v4/cilium-operator:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/cilium:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/helm-tiller:2.16.12:libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/grafana:latest:libxml2-2-2.9.7-150000.3.57.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-28484.html
CVE-2023-28484
https://bugzilla.suse.com/1210411
SUSE Bug 1210411

Описание

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

Затронутые продукты

Container caasp/v4/cilium-operator:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/cilium:1.6.6:libxml2-2-2.9.7-150000.3.57.1

Container caasp/v4/helm-tiller:2.16.12:libxml2-2-2.9.7-150000.3.57.1

Container ses/7.1/ceph/grafana:latest:libxml2-2-2.9.7-150000.3.57.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-29469.html
CVE-2023-29469
https://bugzilla.suse.com/1210412
SUSE Bug 1210412