Mailinglist Archive: opensuse-updates (133 mails)

openSUSE-SU-2016:1298-1: moderate: Security update for libxml2
openSUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1298-1
Rating: moderate
References: #972335 #975947
Cross-References: CVE-2016-3627
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for libxml2 fixes two security issues:

- libxml2 limits the number of recursions an XML document can contain
to protect against the "Billion Laughs" denial-of-service attack.
Unfortunately, the underlying counter was not incremented properly in
all necessary locations. Therefore, specially crafted XML documents
could exhaust all available stack space and crash the XML parser without
running into the recursion limit. This vulnerability has been fixed.
(bsc#975947)

- When running in recovery mode, certain invalid XML documents would
trigger an infinite recursion in libxml2 that ran until all stack space
was exhausted. This vulnerability could have been used to facilitate a
denial-of-service attack. (CVE-2016-3627, bsc#972335)
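
The first issue above is a depth guard that is only effective if every recursive path increments the counter. The following toy parser is an added illustration, not libxml2 code and not part of the original advisory; the bracket grammar, MAX_DEPTH value and all names are assumptions. With count_brackets set to 0 the '[' path skips the counter, so deep nesting is never rejected:

```c
#include <stdio.h>

#define MAX_DEPTH 40   /* assumed limit for this toy parser */

typedef struct {
    const char *p;        /* cursor into the input */
    int depth;            /* guarded counter checked against MAX_DEPTH */
    int real_depth;       /* actual call nesting, for demonstration only */
    int peak;             /* deepest real nesting reached */
    int count_brackets;   /* 0 = flawed: the '[' path skips the counter */
} ctx;

static int parse_group(ctx *c);

/* Parse a sequence of groups until a closer or the end of input. */
static int parse_seq(ctx *c) {
    while (*c->p == '(' || *c->p == '[') {
        if (parse_group(c) != 0) return -1;
    }
    return 0;
}

/* Parse one "(...)" or "[...]" group; 0 on success, -1 on error. */
static int parse_group(ctx *c) {
    char opener = *c->p++;
    char closer = (opener == '(') ? ')' : ']';
    int counted = (opener == '(') || c->count_brackets;
    int rc = -1;

    if (counted && ++c->depth > MAX_DEPTH) { c->depth--; return -1; }
    if (++c->real_depth > c->peak) c->peak = c->real_depth;
    if (parse_seq(c) == 0 && *c->p == closer) { c->p++; rc = 0; }
    c->real_depth--;
    if (counted) c->depth--;
    return rc;
}

/* Returns the peak real nesting if the document parsed, -1 if rejected. */
int parse_peak(const char *doc, int count_brackets) {
    ctx c = { doc, 0, 0, 0, count_brackets };
    if (parse_seq(&c) != 0 || *c.p != '\0') return -1;
    return c.peak;
}

int main(void) {
    printf("%d\n", parse_peak("[[(())]]", 1)); /* constructed input */
    return 0;
}
```

A document nested 1000 levels deep in '[' is rejected at level 41 when every path is counted, but parses to its full depth in the flawed mode.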

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-583=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libxml2-2-2.9.1-16.1
libxml2-2-debuginfo-2.9.1-16.1
libxml2-debugsource-2.9.1-16.1
libxml2-devel-2.9.1-16.1
libxml2-tools-2.9.1-16.1
libxml2-tools-debuginfo-2.9.1-16.1
python-libxml2-2.9.1-16.1
python-libxml2-debuginfo-2.9.1-16.1
python-libxml2-debugsource-2.9.1-16.1

- openSUSE Leap 42.1 (noarch):

libxml2-doc-2.9.1-16.1

- openSUSE Leap 42.1 (x86_64):

libxml2-2-32bit-2.9.1-16.1
libxml2-2-debuginfo-32bit-2.9.1-16.1
libxml2-devel-32bit-2.9.1-16.1


References:

https://www.suse.com/security/cve/CVE-2016-3627.html
https://bugzilla.suse.com/972335
https://bugzilla.suse.com/975947

