Security update for libxml2
This update for libxml2 fixes the following security issues:
* CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString (bsc#1039069, bsc#1039661)
* CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey (bsc#1039066)
* CVE-2017-9048: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039063)
* CVE-2017-9047: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039064)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1039064
VUL-0: CVE-2017-9048: libxml2: stack overflow vulnerability strcat two more characters without checking whether the current strlen(buf) + 2 < size (xmlSnprintfElementContent func in valid.c)
bnc#1039066
VUL-0: CVE-2017-9049: libxml2: heap-based buffer overflow (xmlDictComputeFastKey func)
bnc#1039661
VUL-0: CVE-2017-9050: libxml2: heap-based buffer over-read in function xmlDictAddString
bnc#1039069
VUL-0: libxml2: heap-based buffer overflow (xmlDictAddString func)
bnc#1039063
VUL-0: CVE-2017-9047: libxml2: stack overflow vulnerability (xmlSnprintfElementContent func in valid.c)
