openSUSE-SU-2019:1235-1

Опубликовано: 18 апр. 2019

Источник: suse-cvrf

Описание

Security update for xmltooling

This update for xmltooling fixes the following issues:

Security issue fixed:

CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

libxmltooling-devel-1.6.4-lp150.2.3.1

libxmltooling7-1.6.4-lp150.2.3.1

xmltooling-schemas-1.6.4-lp150.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE/#O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE
E-Mail link for openSUSE-SU-2019:1235-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1129537
SUSE Bug 1129537
https://www.suse.com/security/cve/CVE-2019-9628/
SUSE CVE CVE-2019-9628 page

Описание

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Затронутые продукты

openSUSE Leap 15.0:libxmltooling-devel-1.6.4-lp150.2.3.1

openSUSE Leap 15.0:libxmltooling7-1.6.4-lp150.2.3.1

openSUSE Leap 15.0:xmltooling-schemas-1.6.4-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-9628.html
CVE-2019-9628
https://bugzilla.suse.com/1129537
SUSE Bug 1129537

openSUSE-SU-2019:1235-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-9628

Описание

Затронутые продукты

Ссылки