SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1627-1 Rating: important References: #829077 Cross-References: CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807 CVE-2012-5134 CVE-2013-0338 CVE-2013-0339 CVE-2013-2877 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: libxml2 has been updated to fix the following security issue: * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Security Issue references: * CVE-2013-0338 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
* CVE-2013-0339 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
* CVE-2012-5134 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
* CVE-2012-2807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
* CVE-2011-3102 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
* CVE-2012-0841 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
* CVE-2011-3919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
* CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): libxml2-2.6.23-15.39.1 libxml2-devel-2.6.23-15.39.1 libxml2-python-2.6.23-15.39.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): libxml2-32bit-2.6.23-15.39.1 libxml2-devel-32bit-2.6.23-15.39.1 References: http://support.novell.com/security/cve/CVE-2011-3102.html http://support.novell.com/security/cve/CVE-2011-3919.html http://support.novell.com/security/cve/CVE-2012-0841.html http://support.novell.com/security/cve/CVE-2012-2807.html http://support.novell.com/security/cve/CVE-2012-5134.html http://support.novell.com/security/cve/CVE-2013-0338.html http://support.novell.com/security/cve/CVE-2013-0339.html http://support.novell.com/security/cve/CVE-2013-2877.html https://bugzilla.novell.com/829077 http://download.novell.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org