Overview

File _patchinfo of Package patchinfo.3902

 <patchinfo incident="3902">
  <issue id="1017497" tracker="bnc">VUL-0: CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file</issue>
  <issue id="876652" tracker="bnc">VUL-1: CVE-2014-0191: libxml2: external parameter entity loaded when entity substitution is disabled</issue>
  <issue id="1010675" tracker="bnc">VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability</issue>
   <issue id="1014873" tracker="bnc">Bug/Security fix request for SLES 11 SP3 LTSS: libxml2</issue>
  <issue id="1013930" tracker="bnc">L3: VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability - Request for patch for SLES 11 SP3 LTSS x86_64</issue>
  <issue id="2014-0191" tracker="cve" />
   <issue id="2016-9318" tracker="cve" />
   <issue id="2016-9597" tracker="cve" />
   <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
   <description>
 This update for libxml2 fixes the following issues:
 
* Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
* CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497)
* CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652)
* CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675)
 
 </description>
   <summary>Security update for libxml2</summary>
 </patchinfo>
openSUSE Build Service is sponsored by
Places