Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:1746-1

Опубликовано: 01 июл. 2017
Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

Security issues fixed:

  • CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337)
  • CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
libxml2-2.9.4-5.9.1
libxml2-2-2.9.4-5.9.1
libxml2-2-32bit-2.9.4-5.9.1
libxml2-devel-2.9.4-5.9.1
libxml2-devel-32bit-2.9.4-5.9.1
libxml2-doc-2.9.4-5.9.1
libxml2-tools-2.9.4-5.9.1
python-libxml2-2.9.4-5.9.1

Ссылки

Описание

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

Затронутые продукты
openSUSE Leap 42.2:libxml2-2-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-devel-2.9.4-5.9.1
Ссылки

Описание

** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."

Затронутые продукты
openSUSE Leap 42.2:libxml2-2-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-2.9.4-5.9.1
openSUSE Leap 42.2:libxml2-devel-2.9.4-5.9.1
Ссылки