Security update for libxml2
Announcement ID: | SUSE-SU-2016:1604-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 15 vulnerabilities can now be installed.
Description:
This update for libxml2 fixes the following security issues:
- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549],
- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion counter.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Development Kit 11 SP4
zypper in -t patch sdksp4-libxml2-12616=1
-
SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2
zypper in -t patch slessp2-libxml2-12616=1
-
SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3
zypper in -t patch slessp3-libxml2-12616=1
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-libxml2-12616=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-libxml2-12616=1
-
SUSE Cloud 5
zypper in -t patch sleclo50sp3-libxml2-12616=1
-
SUSE Manager Server 2.1
zypper in -t patch sleman21-libxml2-12616=1
-
SUSE Manager Proxy 2.1
zypper in -t patch slemap21-libxml2-12616=1
Package List:
-
SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- libxml2-devel-2.7.6-0.44.1
-
SUSE Linux Enterprise Software Development Kit 11 SP4 (ppc64 s390x x86_64)
- libxml2-devel-32bit-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64 i586)
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64)
- libxml2-32bit-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (s390x x86_64 i586)
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (s390x x86_64)
- libxml2-32bit-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP4 (ia64)
- libxml2-x86-2.7.6-0.44.1
-
SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64)
- libxml2-32bit-2.7.6-0.44.1
-
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- libxml2-32bit-2.7.6-0.44.1
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Cloud 5 (x86_64)
- libxml2-32bit-2.7.6-0.44.1
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Manager Server 2.1 (s390x x86_64)
- libxml2-32bit-2.7.6-0.44.1
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
-
SUSE Manager Proxy 2.1 (x86_64)
- libxml2-32bit-2.7.6-0.44.1
- libxml2-doc-2.7.6-0.44.1
- libxml2-python-2.7.6-0.44.4
- libxml2-2.7.6-0.44.1
References:
- https://www.suse.com/security/cve/CVE-2015-8806.html
- https://www.suse.com/security/cve/CVE-2016-1762.html
- https://www.suse.com/security/cve/CVE-2016-1833.html
- https://www.suse.com/security/cve/CVE-2016-1834.html
- https://www.suse.com/security/cve/CVE-2016-1835.html
- https://www.suse.com/security/cve/CVE-2016-1837.html
- https://www.suse.com/security/cve/CVE-2016-1838.html
- https://www.suse.com/security/cve/CVE-2016-1839.html
- https://www.suse.com/security/cve/CVE-2016-1840.html
- https://www.suse.com/security/cve/CVE-2016-2073.html
- https://www.suse.com/security/cve/CVE-2016-3705.html
- https://www.suse.com/security/cve/CVE-2016-4447.html
- https://www.suse.com/security/cve/CVE-2016-4448.html
- https://www.suse.com/security/cve/CVE-2016-4449.html
- https://www.suse.com/security/cve/CVE-2016-4483.html
- https://bugzilla.suse.com/show_bug.cgi?id=963963
- https://bugzilla.suse.com/show_bug.cgi?id=965283
- https://bugzilla.suse.com/show_bug.cgi?id=978395
- https://bugzilla.suse.com/show_bug.cgi?id=981040
- https://bugzilla.suse.com/show_bug.cgi?id=981041
- https://bugzilla.suse.com/show_bug.cgi?id=981108
- https://bugzilla.suse.com/show_bug.cgi?id=981109
- https://bugzilla.suse.com/show_bug.cgi?id=981111
- https://bugzilla.suse.com/show_bug.cgi?id=981112
- https://bugzilla.suse.com/show_bug.cgi?id=981114
- https://bugzilla.suse.com/show_bug.cgi?id=981115
- https://bugzilla.suse.com/show_bug.cgi?id=981548
- https://bugzilla.suse.com/show_bug.cgi?id=981549
- https://bugzilla.suse.com/show_bug.cgi?id=981550