Overview

File _patchinfo of Package patchinfo.3901

<patchinfo incident="3901">
  <issue id="1013930" tracker="bnc">L3: VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability - Request for patch for SLES 11 SP3 LTSS x86_64</issue>
  <issue id="1005544" tracker="bnc">VUL-0: CVE-2016-4658: libxml2: Use after free via namespace node in XPointer ranges</issue>
  <issue id="1010675" tracker="bnc">VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability</issue>
  <issue id="1014873" tracker="bnc">Bug/Security fix request for SLES 11 SP3 LTSS: libxml2</issue>
  <issue id="1017497" tracker="bnc">VUL-0: CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file</issue>
  <issue id="2016-4658" tracker="cve" />
  <issue id="2016-9318" tracker="cve" />
  <issue id="2016-9597" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>simotek</packager>
  <description>
This update for libxml2 fixes the following issues:

* CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544]
* Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
* CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497).

For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files
and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930).
</description>
  <summary>Security update for libxml2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places