Mailinglist Archive: opensuse-updates (133 mails)

openSUSE-SU-2016:1446-1: moderate: Security update for libxml2
openSUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1446-1
Rating: moderate
References: #962796 #972335 #975947
Cross-References: CVE-2016-3627 CVE-2016-3705
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:


libxml2 was updated to fix security issues and a regression from the last
version update.

Security issues fixed:
- CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in
  recovery mode (bnc#972335).
- CVE-2016-3705: Improved protection against the Billion Laughs Attack
  (bnc#975947).

Regression fixed:
- Fixed the XML push parser failing with a bogus UTF-8 encoding error when
  a multi-byte character in a large CDATA section is split across buffers
  (bnc#962796).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-662=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

libxml2-2-2.9.3-7.11.1
libxml2-2-debuginfo-2.9.3-7.11.1
libxml2-debugsource-2.9.3-7.11.1
libxml2-devel-2.9.3-7.11.1
libxml2-tools-2.9.3-7.11.1
libxml2-tools-debuginfo-2.9.3-7.11.1
python-libxml2-2.9.3-7.11.1
python-libxml2-debuginfo-2.9.3-7.11.1
python-libxml2-debugsource-2.9.3-7.11.1

- openSUSE 13.2 (x86_64):

libxml2-2-32bit-2.9.3-7.11.1
libxml2-2-debuginfo-32bit-2.9.3-7.11.1
libxml2-devel-32bit-2.9.3-7.11.1

- openSUSE 13.2 (noarch):

libxml2-doc-2.9.3-7.11.1
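
A post-install check against the package list above, as an added example that is not part of the original advisory: it reads "name version-release" pairs and flags any libxml2 package still below 2.9.3-7.11.1. The function names, the sample lines and the use of GNU sort -V in place of RPM's own version ordering are assumptions.

```shell
#!/bin/sh
# Added example: flag libxml2 packages older than the advisory's fixed release.
FIXED="2.9.3-7.11.1"   # version-release from the advisory's package list

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison; that
# holds for purely numeric strings like these but is not rpm's algorithm.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_libxml2: read "name version-release" lines on stdin and print every
# package covered by this advisory that is below FIXED.
# Returns 0 if none are outdated, 1 otherwise.
check_libxml2() {
    outdated=0
    while read -r name verrel; do
        case "$name" in
            libxml2-*|python-libxml2*) ;;   # names from the package list
            *) continue ;;                  # unrelated package
        esac
        if ver_lt "$verrel" "$FIXED"; then
            echo "OUTDATED $name $verrel (need $FIXED)"
            outdated=1
        fi
    done
    return "$outdated"
}

# On a live system, feed it the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libxml2*' 'python-libxml2*' \
#       | check_libxml2

# Constructed sample input (2.9.3-7.4.1 is a made-up older release).
check_libxml2 <<'EOF' || echo "update still required"
libxml2-2 2.9.3-7.4.1
libxml2-tools 2.9.3-7.11.1
python-libxml2 2.9.3-7.11.1
zlib 1.2.8-5.1
EOF
```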


References:

https://www.suse.com/security/cve/CVE-2016-3627.html
https://www.suse.com/security/cve/CVE-2016-3705.html
https://bugzilla.suse.com/962796
https://bugzilla.suse.com/972335
https://bugzilla.suse.com/975947

