Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:Update
patchinfo.3901
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3901
<patchinfo incident="3901"> <issue id="1013930" tracker="bnc">L3: VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability - Request for patch for SLES 11 SP3 LTSS x86_64</issue> <issue id="1005544" tracker="bnc">VUL-0: CVE-2016-4658: libxml2: Use after free via namespace node in XPointer ranges</issue> <issue id="1010675" tracker="bnc">VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability</issue> <issue id="1014873" tracker="bnc">Bug/Security fix request for SLES 11 SP3 LTSS: libxml2</issue> <issue id="1017497" tracker="bnc">VUL-0: CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file</issue> <issue id="2016-4658" tracker="cve" /> <issue id="2016-9318" tracker="cve" /> <issue id="2016-9597" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>simotek</packager> <description> This update for libxml2 fixes the following issues: * CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] * Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] * CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). </description> <summary>Security update for libxml2</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor