SUSE-SU-2023:3699-1

Опубликовано: 20 сент. 2023

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

Список пакетов

Container bci/bci-init:15.4

libxml2-2-2.9.14-150400.5.22.1

Container bci/node:16

libxml2-2-2.9.14-150400.5.22.1

Container bci/python:3

libxml2-2-2.9.14-150400.5.22.1

Container rancher/elemental-teal-rt/5.4:latest

libxml2-2-2.9.14-150400.5.22.1

Container rancher/elemental-teal/5.4:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/ltss/sle15.4/bci-base:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/manager/4.3/proxy-httpd:latest

libxml2-2-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Container suse/manager/4.3/proxy-salt-broker:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/manager/4.3/proxy-squid:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/pcp:5

libxml2-2-2.9.14-150400.5.22.1

Container suse/postgres:14

libxml2-2-2.9.14-150400.5.22.1

Container suse/sle-micro-rancher/5.3:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/sle-micro-rancher/5.4:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/sle-micro/5.3/toolbox:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/sle-micro/5.4/toolbox:latest

libxml2-2-2.9.14-150400.5.22.1

Container suse/sle15:15.4

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS-Aliyun

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-HPC-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Hardened-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Hardened-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Hardened-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Hardened-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

libxml2-2-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-3-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-EC2

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-Micro-5-4-GCE

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-BYOS

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-EC2

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-BYOS

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAP-Hardened-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAPCAL

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAPCAL-Azure

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAPCAL-EC2

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SAPCAL-GCE

libxml2-2-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libxml2-2-2.9.14-150400.5.22.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libxml2-2-2.9.14-150400.5.22.1

SUSE Linux Enterprise Micro 5.3

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

SUSE Linux Enterprise Micro 5.4

libxml2-2-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libxml2-2-2.9.14-150400.5.22.1

libxml2-2-32bit-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

SUSE Linux Enterprise Module for Python 3 15 SP4

python311-libxml2-2.9.14-150400.5.22.1

openSUSE Leap 15.4

libxml2-2-2.9.14-150400.5.22.1

libxml2-2-32bit-2.9.14-150400.5.22.1

libxml2-devel-2.9.14-150400.5.22.1

libxml2-devel-32bit-2.9.14-150400.5.22.1

libxml2-doc-2.9.14-150400.5.22.1

libxml2-tools-2.9.14-150400.5.22.1

python3-libxml2-2.9.14-150400.5.22.1

python311-libxml2-2.9.14-150400.5.22.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233699-1/
Link for SUSE-SU-2023:3699-1
https://lists.suse.com/pipermail/sle-updates/2023-September/031569.html
E-Mail link for SUSE-SU-2023:3699-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214768
SUSE Bug 1214768
https://www.suse.com/security/cve/CVE-2023-39615/
SUSE CVE CVE-2023-39615 page

Описание

** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

Затронутые продукты

Container bci/bci-init:15.4:libxml2-2-2.9.14-150400.5.22.1

Container bci/node:16:libxml2-2-2.9.14-150400.5.22.1

Container bci/python:3:libxml2-2-2.9.14-150400.5.22.1

Container rancher/elemental-teal-rt/5.4:latest:libxml2-2-2.9.14-150400.5.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-39615.html
CVE-2023-39615
https://bugzilla.suse.com/1214768
SUSE Bug 1214768