openSUSE-SU-2016:0188-1

Опубликовано: 21 янв. 2016

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following security issue:

CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

libxml2-2.9.1-13.1

libxml2-2-2.9.1-13.1

libxml2-2-32bit-2.9.1-13.1

libxml2-devel-2.9.1-13.1

libxml2-devel-32bit-2.9.1-13.1

libxml2-doc-2.9.1-13.1

libxml2-tools-2.9.1-13.1

python-libxml2-2.9.1-13.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-01/msg00066.html
E-Mail link for openSUSE-SU-2016:0188-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Затронутые продукты

openSUSE Leap 42.1:libxml2-2-2.9.1-13.1

openSUSE Leap 42.1:libxml2-2-32bit-2.9.1-13.1

openSUSE Leap 42.1:libxml2-2.9.1-13.1

openSUSE Leap 42.1:libxml2-devel-2.9.1-13.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8710.html
CVE-2015-8710
https://bugzilla.suse.com/1123919
SUSE Bug 1123919
https://bugzilla.suse.com/960674
SUSE Bug 960674

openSUSE-SU-2016:0188-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-8710

Описание

Затронутые продукты

Ссылки