openSUSE-SU-2017:1810-1

Published: 06 Jul 2017
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

Security issues fixed:

  • CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887)
  • CVE-2017-7375: Prevent unwanted external entity reference (bsc#1044894)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.2
libxml2-2.9.4-5.10.1
libxml2-2-2.9.4-5.10.1
libxml2-2-32bit-2.9.4-5.10.1
libxml2-devel-2.9.4-5.10.1
libxml2-devel-32bit-2.9.4-5.10.1
libxml2-doc-2.9.4-5.10.1
libxml2-tools-2.9.4-5.10.1
python-libxml2-2.9.4-5.10.1

Description

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).


Affected products
openSUSE Leap 42.2:libxml2-2-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-devel-2.9.4-5.10.1

References

Description

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.


Affected products
openSUSE Leap 42.2:libxml2-2-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-2.9.4-5.10.1
openSUSE Leap 42.2:libxml2-devel-2.9.4-5.10.1

References