Security update for libxml2
This update for libxml2 fixes the following security issues:
- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a
denial of service (infinite loop) via a crafted XML file that triggers
LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML
file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
(bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval()
function when parsing an invalid XPath expression in the XPATH_OP_AND or
XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1088279
VUL-1: CVE-2018-9251: libxml2: The xz_decomp function in xzlib.c allows remote attackers to cause a denial of service (infinite loop) via acrafted XML file that triggers LZMA_MEMLIMIT_ERROR
bnc#1102046
VUL-1: CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service
bnc#1105166
VUL-0: CVE-2018-14567: libxml2: infinite loop in LZMA decompression
