Description
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
Package list
Container suse/ltss/sle12.5/sles12sp5:latest
libxml2-2-2.9.4-46.62.1
Container suse/sles12sp4:latest
libxml2-2-2.9.4-46.62.1
Container suse/sles12sp5:latest
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-BYOS
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-Basic-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-HPC-BYOS
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-HPC-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-SAP-BYOS
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-Azure-SAP-On-Demand
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-Azure-Standard-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-EC2-BYOS
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-EC2-ECS-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-EC2-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-EC2-SAP-BYOS
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-EC2-SAP-On-Demand
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-GCE-BYOS
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-GCE-On-Demand
libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-GCE-SAP-BYOS
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-GCE-SAP-On-Demand
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libxml2-2-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libxml2-2-2.9.4-46.62.1
libxml2-2-32bit-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
SUSE Linux Enterprise Server 12 SP5
libxml2-2-2.9.4-46.62.1
libxml2-2-32bit-2.9.4-46.62.1
libxml2-doc-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
python-libxml2-2.9.4-46.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libxml2-2-2.9.4-46.62.1
libxml2-2-32bit-2.9.4-46.62.1
libxml2-doc-2.9.4-46.62.1
libxml2-tools-2.9.4-46.62.1
python-libxml2-2.9.4-46.62.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libxml2-devel-2.9.4-46.62.1
References
- Link for SUSE-SU-2023:2054-1
- E-Mail link for SUSE-SU-2023:2054-1
- SUSE Security Ratings
- SUSE Bug 1210411
- SUSE Bug 1210412
- SUSE CVE CVE-2023-28484 page
- SUSE CVE CVE-2023-29469 page
Description
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.62.1
Container suse/sles12sp4:latest:libxml2-2-2.9.4-46.62.1
Container suse/sles12sp5:latest:libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-BYOS:libxml2-2-2.9.4-46.62.1
References
- CVE-2023-28484
- SUSE Bug 1210411
Description
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.62.1
Container suse/sles12sp4:latest:libxml2-2-2.9.4-46.62.1
Container suse/sles12sp5:latest:libxml2-2-2.9.4-46.62.1
Image SLES12-SP5-Azure-BYOS:libxml2-2-2.9.4-46.62.1
References
- CVE-2023-29469
- SUSE Bug 1210412