exploitDog

openSUSE-SU-2022:0802-1

Опубликовано: 10 мар. 2022

Источник: suse-cvrf

Описание

Security update for python-libxml2-python

This update for python-libxml2-python fixes the following issues:

CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).

Список пакетов

openSUSE Leap 15.3

python2-libxml2-python-2.9.7-3.40.1

python3-libxml2-python-2.9.7-3.40.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UGCK33AJ4DGXLWFFRJOHKOZBZ7OBQCE4/
E-Mail link for openSUSE-SU-2022:0802-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1196490
SUSE Bug 1196490
https://www.suse.com/security/cve/CVE-2022-23308/
SUSE CVE CVE-2022-23308 page

Описание

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Затронутые продукты

openSUSE Leap 15.3:python2-libxml2-python-2.9.7-3.40.1

openSUSE Leap 15.3:python3-libxml2-python-2.9.7-3.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-23308.html
CVE-2022-23308
https://bugzilla.suse.com/1196490
SUSE Bug 1196490
https://bugzilla.suse.com/1199098
SUSE Bug 1199098
https://bugzilla.suse.com/1202688
SUSE Bug 1202688