Overview

File _patchinfo of Package patchinfo.4858

<patchinfo incident="4858">
  <issue id="1039064" tracker="bnc">VUL-0: CVE-2017-9048: libxml2: stack overflow vulnerability strcat two more characters without checking whether the current strlen(buf) + 2 &lt; size (xmlSnprintfElementContent func in valid.c)</issue>
  <issue id="1039066" tracker="bnc">VUL-0: CVE-2017-9049: libxml2: heap-based buffer overflow (xmlDictComputeFastKey func)</issue>
  <issue id="1039661" tracker="bnc">VUL-0: CVE-2017-9050: libxml2: heap-based buffer over-read in function xmlDictAddString</issue>
  <issue id="1039069" tracker="bnc">VUL-0: libxml2: heap-based buffer overflow (xmlDictAddString func)</issue>
  <issue id="1039063" tracker="bnc">VUL-0: CVE-2017-9047: libxml2: stack overflow vulnerability (xmlSnprintfElementContent func in valid.c)</issue>
  <issue id="2017-9049" tracker="cve" />
  <issue id="2017-9048" tracker="cve" />
  <issue id="2017-9050" tracker="cve" />
  <issue id="2017-9047" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>
This update for libxml2 fixes the following issues:

  -  CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661]
  -  CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066]
  -  CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063]
  -  CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064]
     
</description>
  <summary>Security update for libxml2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places