openSUSE-SU-2022:0012-1

Опубликовано: 14 янв. 2022

Источник: suse-cvrf

Описание

Security update for prosody

This update for prosody fixes the following issues:

Update to 0.11.12:

CVE-2022-0217: util.xml: Do not allow doctypes, comments or processing instructions (bsc#1194596)

Список пакетов

SUSE Package Hub 15 SP3

prosody-0.11.12-bp153.2.12.1

openSUSE Leap 15.3

prosody-0.11.12-bp153.2.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T4AYNB4WRJM6UGUGE4MCR3AAVYPLM2PP/
E-Mail link for openSUSE-SU-2022:0012-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194596
SUSE Bug 1194596
https://www.suse.com/security/cve/CVE-2022-0217/
SUSE CVE CVE-2022-0217 page

Описание

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).

Затронутые продукты

SUSE Package Hub 15 SP3:prosody-0.11.12-bp153.2.12.1

openSUSE Leap 15.3:prosody-0.11.12-bp153.2.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0217.html
CVE-2022-0217
https://bugzilla.suse.com/1194596
SUSE Bug 1194596

openSUSE-SU-2022:0012-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-0217

Описание

Затронутые продукты

Ссылки