Overview

File _patchinfo of Package patchinfo.6602

<patchinfo incident="6602">
  <issue id="1077993" tracker="bnc">VUL-0: CVE-2017-15412: libxml2: use after free in libxml</issue>
  <issue id="1078813" tracker="bnc">VUL-0: CVE-2016-5131: libxml2: chromium-browser: use-after-free in libxml</issue>
  <issue id="1078806" tracker="bnc">VUL-0: CVE-2017-5130: libxml2: remote buffer overflow</issue>
  <issue id="2016-5131" tracker="cve" />
  <issue id="2017-5130" tracker="cve" />
 <issue id="2017-15412" tracker="cve" />
  <category>security</category>
  <summary>Security update for libxml2</summary>
  <rating>moderate</rating>
  <packager>jsegitz</packager>
  <description>This update for libxml2 fixes one issue.

This security issue was fixed:

- CVE-2017-15412: Prevent use after free when calling XPath extension functions
  that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)
- CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to the XPointer range-to
  function. (bsc#1078813)
- CVE-2017-5130: Fixed a potential remote buffer overflow in function
  xmlMemoryStrdup() (bsc#1078806)

  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places