SUSE-SU-2023:4586-1

Опубликовано: 27 нояб. 2023

Источник: suse-cvrf

Описание

Security update for xerces-c

This update for xerces-c fixes the following issues:

CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156).

Список пакетов

SUSE Enterprise Storage 7.1

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise Module for Basesystem 15 SP4

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise Module for Basesystem 15 SP5

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise Server 15 SP3-LTSS

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

openSUSE Leap 15.4

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-3_2-32bit-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

xerces-c-3.2.3-150300.3.3.2

xerces-c-doc-3.2.3-150300.3.3.2

openSUSE Leap 15.5

libxerces-c-3_2-3.2.3-150300.3.3.2

libxerces-c-3_2-32bit-3.2.3-150300.3.3.2

libxerces-c-devel-3.2.3-150300.3.3.2

xerces-c-3.2.3-150300.3.3.2

xerces-c-doc-3.2.3-150300.3.3.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234586-1/
Link for SUSE-SU-2023:4586-1
https://lists.suse.com/pipermail/sle-security-updates/2023-November/017240.html
E-Mail link for SUSE-SU-2023:4586-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216156
SUSE Bug 1216156
https://www.suse.com/security/cve/CVE-2023-37536/
SUSE CVE CVE-2023-37536 page

Описание

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Затронутые продукты

SUSE Enterprise Storage 7.1:libxerces-c-3_2-3.2.3-150300.3.3.2

SUSE Enterprise Storage 7.1:libxerces-c-devel-3.2.3-150300.3.3.2

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libxerces-c-3_2-3.2.3-150300.3.3.2

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libxerces-c-devel-3.2.3-150300.3.3.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-37536.html
CVE-2023-37536
https://bugzilla.suse.com/1216156
SUSE Bug 1216156
https://bugzilla.suse.com/1219472
SUSE Bug 1219472
https://bugzilla.suse.com/1219708
SUSE Bug 1219708
https://bugzilla.suse.com/1221037
SUSE Bug 1221037

SUSE-SU-2023:4586-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-37536

Описание

Затронутые продукты

Ссылки