Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Maintenance:5164
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo incident="5164"> <issue id="983288" tracker="bnc">perl-XML-LibXML, perl-XML-LibXSLT rebuild fail</issue> <issue id="972335" tracker="bnc">VUL-0: CVE-2016-3627: libxml2: stack exhaustion while parsing xml files in recovery mode</issue> <issue id="975947" tracker="bnc">VUL-0: CVE-2016-3705: libxml2: crash in xml validator (parser)</issue> <issue id="978395" tracker="bnc">VUL-1: CVE-2016-4483: libxml2: out-of-bounds read parsing an XML using recover mode</issue> <issue id="981040" tracker="bnc">VUL-0: CVE-2016-1762: libxml2: Heap-based buffer overread in xmlNextChar</issue> <issue id="981041" tracker="bnc">VUL-0: CVE-2016-1834: libxml2: heap-buffer-overflow in xmlStrncat</issue> <issue id="981108" tracker="bnc">VUL-0: CVE-2016-1833: libxml2: Heap-based buffer overread in htmlCurrentChar</issue> <issue id="981109" tracker="bnc">VUL-0: CVE-2016-1835: libxml2: Heap use-after-free in xmlSAX2AttributeNs</issue> <issue id="981110" tracker="bnc">VUL-0: CVE-2016-1836: libxml2: Heap use-after-free in xmlDictComputeFastKey</issue> <issue id="981111" tracker="bnc">VUL-0: CVE-2016-1837: libxml2: Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral</issue> <issue id="981112" tracker="bnc">VUL-0: CVE-2016-1838: libxml2: Heap-based buffer overread in xmlParserPrintFileContextInternal</issue> <issue id="981114" tracker="bnc">VUL-0: CVE-2016-1839: libxml2: Heap-based buffer overread in xmlDictAddString</issue> <issue id="981115" tracker="bnc">VUL-1: CVE-2016-1840: libxml2: heap-buffer-overflow in xmlFAParsePosCharGroup</issue> <issue id="CVE-2016-1835" tracker="cve" /> <issue id="CVE-2016-3705" tracker="cve" /> <issue id="CVE-2016-4483" tracker="cve" /> <issue id="CVE-2016-1834" tracker="cve" /> <issue id="CVE-2016-1840" tracker="cve" /> <issue id="CVE-2016-1836" tracker="cve" /> <issue id="CVE-2016-1837" tracker="cve" /> <issue id="CVE-2016-3627" tracker="cve" /> <issue id="CVE-2016-1833" tracker="cve" /> <issue id="CVE-2016-1838" tracker="cve" /> <issue id="CVE-2016-1839" tracker="cve" /> <issue id="CVE-2016-1762" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>psimons</packager> <description>This update brings libxml2 to version 2.9.4. These security issues were fixed: - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document (bsc#972335). - CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981108). - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (bsc#981109). - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981111). - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981110). - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840 (bsc#981114). - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840 (bsc#981112). - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839 (bsc#981115). - CVE-2016-4483: out-of-bounds read parsing an XML using recover mode (bnc#978395). - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981041). - CVE-2016-3705: The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 did not properly keep track of the recursion depth, which allowed context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references (bsc#975947). - CVE-2016-1762: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (bsc#981040). This non-security issue was fixed: - bnc#983288: Fix attribute decoding during XML schema validation </description> <summary>Security update for libxml2</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor