Security update for libxml2
This update for libxml2 fixes three security issues:
- CVE-2017-15412: Prevent use after free when calling XPath extension functions
that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)
- CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the XPointer range-to
function. (bsc#1078813)
- CVE-2017-5130: Fixed a potential remote buffer overflow in function
xmlMemoryStrdup() (bsc#1078806)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Johannes Segitz (jsegitz)
Fixed bugs
bnc#1077993
VUL-0: CVE-2017-15412: libxml2: use after free in libxml
bnc#1078813
VUL-0: CVE-2016-5131: libxml2: chromium-browser: use-after-free in libxml
bnc#1078806
VUL-0: CVE-2017-5130: libxml2: remote buffer overflow
