Description
Security update for libxml2
This update for libxml2 fixes three security issues:
- CVE-2017-15412: Prevent a use-after-free when calling XPath extension functions, which allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)
- CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)
- CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0418-1
- SUSE Security Ratings
Description
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Affected products
References
- CVE-2016-5131
- SUSE Bug 1014873
- SUSE Bug 1069433
- SUSE Bug 1078813
- SUSE Bug 1123919
- SUSE Bug 989901
Description
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2017-15412
- SUSE Bug 1071691
- SUSE Bug 1077993
- SUSE Bug 1123129
- SUSE Bug 1123919
Description
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Affected products
References
- CVE-2017-5130
- SUSE Bug 1064066
- SUSE Bug 1064089
- SUSE Bug 1078806
- SUSE Bug 1123129
- SUSE Bug 1123919