Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
The following non-security bug was fixed:
- Remove unneeded dependency (bsc#1209918).
Список пакетов
Container bci/bci-init:15.4
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:6.0
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-runtime:6.0
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-runtime:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-sdk:6.0
libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-sdk:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/golang:1.19
libxml2-2-2.9.14-150400.5.16.1
Container bci/golang:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/node:16
libxml2-2-2.9.14-150400.5.16.1
Container bci/nodejs:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/openjdk-devel:11
libxml2-2-2.9.14-150400.5.16.1
Container bci/openjdk-devel:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/openjdk:11
libxml2-2-2.9.14-150400.5.16.1
Container bci/openjdk:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/php-apache:8
libxml2-2-2.9.14-150400.5.16.1
Container bci/php-fpm:8
libxml2-2-2.9.14-150400.5.16.1
Container bci/php:8
libxml2-2-2.9.14-150400.5.16.1
Container bci/python:3
libxml2-2-2.9.14-150400.5.16.1
Container bci/python:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/ruby:latest
libxml2-2-2.9.14-150400.5.16.1
Container bci/rust:1.67
libxml2-2-2.9.14-150400.5.16.1
Container bci/rust:1.68
libxml2-2-2.9.14-150400.5.16.1
Container bci/rust:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-builder-image/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-operator/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-operator:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal-iso/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal-iso/5.4:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal-rt/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal-rt/5.4:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/elemental-teal/5.4:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/seedimage-builder/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container rancher/seedimage-builder:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/389-ds:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/ltss/sle15.4/bci-base:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/manager/4.3/proxy-httpd:latest
libxml2-2-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Container suse/manager/4.3/proxy-salt-broker:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/manager/4.3/proxy-squid:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/pcp:5
libxml2-2-2.9.14-150400.5.16.1
Container suse/postgres:14
libxml2-2-2.9.14-150400.5.16.1
Container suse/postgres:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/sle-micro-rancher/5.3:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/sle-micro-rancher/5.4:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/sle-micro/5.3/toolbox:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/sle-micro/5.4/toolbox:latest
libxml2-2-2.9.14-150400.5.16.1
Container suse/sle15:15.4
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Azure-Basic
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Azure-Standard
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-EC2-ECS-HVM
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-HPC-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Hardened-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Hardened-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Hardened-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Hardened-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
libxml2-2-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-3-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-EC2
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-Micro-5-4-GCE
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-BYOS
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-BYOS
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAP-Hardened-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAPCAL
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAPCAL-Azure
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAPCAL-EC2
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SAPCAL-GCE
libxml2-2-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libxml2-2-2.9.14-150400.5.16.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libxml2-2-2.9.14-150400.5.16.1
SUSE Linux Enterprise Micro 5.3
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
SUSE Linux Enterprise Micro 5.4
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libxml2-2-2.9.14-150400.5.16.1
libxml2-2-32bit-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
openSUSE Leap 15.4
libxml2-2-2.9.14-150400.5.16.1
libxml2-2-32bit-2.9.14-150400.5.16.1
libxml2-devel-2.9.14-150400.5.16.1
libxml2-devel-32bit-2.9.14-150400.5.16.1
libxml2-doc-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
openSUSE Leap Micro 5.3
libxml2-2-2.9.14-150400.5.16.1
libxml2-tools-2.9.14-150400.5.16.1
python3-libxml2-2.9.14-150400.5.16.1
Ссылки
- Link for SUSE-SU-2023:2053-1
- E-Mail link for SUSE-SU-2023:2053-1
- SUSE Security Ratings
- SUSE Bug 1209918
- SUSE Bug 1210411
- SUSE Bug 1210412
- SUSE CVE CVE-2023-28484 page
- SUSE CVE CVE-2023-29469 page
Описание
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Затронутые продукты
Container bci/bci-init:15.4:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:6.0:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:latest:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-runtime:6.0:libxml2-2-2.9.14-150400.5.16.1
Ссылки
- CVE-2023-28484
- SUSE Bug 1210411
Описание
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Затронутые продукты
Container bci/bci-init:15.4:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:6.0:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-aspnet:latest:libxml2-2-2.9.14-150400.5.16.1
Container bci/dotnet-runtime:6.0:libxml2-2-2.9.14-150400.5.16.1
Ссылки
- CVE-2023-29469
- SUSE Bug 1210412