Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:0681-1

Опубликовано: 22 мая 2020
Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).
  • CVE-2019-19956: Fixed a memory leak (bsc#1159928).
  • CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
libxml2-2-2.9.7-lp151.5.9.1
libxml2-2-32bit-2.9.7-lp151.5.9.1
libxml2-devel-2.9.7-lp151.5.9.1
libxml2-devel-32bit-2.9.7-lp151.5.9.1
libxml2-doc-2.9.7-lp151.5.9.1
libxml2-tools-2.9.7-lp151.5.9.1
python2-libxml2-python-2.9.7-lp151.5.9.1
python3-libxml2-python-2.9.7-lp151.5.9.1

Ссылки

Описание

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Затронутые продукты
openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1
Ссылки

Описание

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Затронутые продукты
openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1
Ссылки

Описание

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Затронутые продукты
openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1
openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1
Ссылки