SUSE-SU-2017:0164-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2016-9318

Published: 16 Jan 2017, 15:24

Last modified:04 Feb 2026, 02:47

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Jan 2017, 15:24

Published

Vulnerability first disclosed

04 Feb 2026, 02:47

Last Modified

Vulnerability information updated

Description

Security update for libxml2 This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873)

Affected Systems

suse•libxml2-python&distro=SUSE Linux Enterprise Server 11 SP4
< 2.7.6-0.64.4
suse•libxml2-python&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 2.7.6-0.64.4
suse•libxml2&distro=SUSE Linux Enterprise Server 11 SP4
< 2.7.6-0.64.1
suse•libxml2&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 2.7.6-0.64.1
suse•libxml2&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 2.7.6-0.64.1

SUSE-SU-2017:0164-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)