File _patchinfo of Package patchinfo.25793
<patchinfo incident="25793">
<issue tracker="cve" id="2021-28903"/>
<issue tracker="cve" id="2021-28906"/>
<issue tracker="cve" id="2021-28902"/>
<issue tracker="cve" id="2021-28904"/>
<issue tracker="bnc" id="1186376">VUL-0: CVE-2021-28904: libyang: In function ext_get_plugin() in libyang &lt;= v1.0.225, it doesn't check whether the value of revision is NULL, which could lead to a DoS</issue>
<issue tracker="bnc" id="1186378">VUL-0: CVE-2021-28906: libyang: In function read_yin_leaf() in libyang &lt;= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to a DoS</issue>
<issue tracker="bnc" id="1186375">VUL-0: CVE-2021-28903: libyang: A stack overflow in libyang &lt;= v1.0.225 can cause a denial of service through function lyxml_parse_mem().</issue>
<issue tracker="bnc" id="1186374">VUL-0: CVE-2021-28902: libyang: In function read_yin_container() in libyang &lt;= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to a DoS</issue>
<packager>dspinella</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for libyang</summary>
<description>This update for libyang fixes the following issues:
- CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS (bsc#1186378).
- CVE-2021-28904: Fixed missing check in ext_get_plugin that can lead to DoS (bsc#1186376).
- CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375).
- CVE-2021-28902: Fixed missing check in read_yin_container that can lead to DoS (bsc#1186374).
</description>
</patchinfo>