SUSE-SU-2016:1538-1
Vulnerability Summary
Description
Security update for libxml2

This update for libxml2 fixes the following security issues:

- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed heap-based buffer underreads due to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with a possible format string vulnerability [bsc#981549].
- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion counter.
Affected Systems
- libxml2 on SUSE Linux Enterprise Desktop 12: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Desktop 12 SP1: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Server 12: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Server 12 SP1: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Server for SAP Applications 12: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Server for SAP Applications 12 SP1: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Software Development Kit 12: versions < 2.9.1-24.1
- libxml2 on SUSE Linux Enterprise Software Development Kit 12 SP1: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Desktop 12: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Desktop 12 SP1: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Server 12: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Server 12 SP1: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Server for SAP Applications 12: versions < 2.9.1-24.1
- python-libxml2 on SUSE Linux Enterprise Server for SAP Applications 12 SP1: versions < 2.9.1-24.1
References (30)
- https://www.suse.com/support/update/announcement/2016/suse-su-20161538-1/
- https://bugzilla.suse.com/963963
- https://bugzilla.suse.com/965283
- https://bugzilla.suse.com/978395
- https://bugzilla.suse.com/981040
- https://bugzilla.suse.com/981041
- https://bugzilla.suse.com/981108
- https://bugzilla.suse.com/981109
- https://bugzilla.suse.com/981111
- https://bugzilla.suse.com/981112
- https://bugzilla.suse.com/981114
- https://bugzilla.suse.com/981115
- https://bugzilla.suse.com/981548
- https://bugzilla.suse.com/981549
- https://bugzilla.suse.com/981550
- https://www.suse.com/security/cve/CVE-2015-8806
- https://www.suse.com/security/cve/CVE-2016-1762
- https://www.suse.com/security/cve/CVE-2016-1833
- https://www.suse.com/security/cve/CVE-2016-1834
- https://www.suse.com/security/cve/CVE-2016-1835
- https://www.suse.com/security/cve/CVE-2016-1837
- https://www.suse.com/security/cve/CVE-2016-1838
- https://www.suse.com/security/cve/CVE-2016-1839
- https://www.suse.com/security/cve/CVE-2016-1840
- https://www.suse.com/security/cve/CVE-2016-2073
- https://www.suse.com/security/cve/CVE-2016-3705
- https://www.suse.com/security/cve/CVE-2016-4447
- https://www.suse.com/security/cve/CVE-2016-4448
- https://www.suse.com/security/cve/CVE-2016-4449
- https://www.suse.com/security/cve/CVE-2016-4483