SUSE-SU-2017:0164-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170164-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0164-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0164-1
Published
2017-01-16T15:24:02Z
Modified
2017-01-16T15:24:02Z
Summary
Security update for libxml2
Details

This update for libxml2 fixes the following issues:

  • CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675).
  • Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode (bnc#1014873).

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / libxml2

Package

Name
libxml2
Purl
purl:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-0.64.1

Ecosystem specific

{
    "binaries": [
        {
            "libxml2-devel-32bit": "2.7.6-0.64.1",
            "libxml2-devel": "2.7.6-0.64.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / libxml2

Package

Name
libxml2
Purl
purl:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-0.64.1

Ecosystem specific

{
    "binaries": [
        {
            "libxml2": "2.7.6-0.64.1",
            "libxml2-32bit": "2.7.6-0.64.1",
            "libxml2-doc": "2.7.6-0.64.1",
            "libxml2-x86": "2.7.6-0.64.1",
            "libxml2-python": "2.7.6-0.64.4"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / libxml2-python

Package

Name
libxml2-python
Purl
purl:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-0.64.4

Ecosystem specific

{
    "binaries": [
        {
            "libxml2": "2.7.6-0.64.1",
            "libxml2-32bit": "2.7.6-0.64.1",
            "libxml2-doc": "2.7.6-0.64.1",
            "libxml2-x86": "2.7.6-0.64.1",
            "libxml2-python": "2.7.6-0.64.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / libxml2

Package

Name
libxml2
Purl
purl:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-0.64.1

Ecosystem specific

{
    "binaries": [
        {
            "libxml2": "2.7.6-0.64.1",
            "libxml2-32bit": "2.7.6-0.64.1",
            "libxml2-doc": "2.7.6-0.64.1",
            "libxml2-x86": "2.7.6-0.64.1",
            "libxml2-python": "2.7.6-0.64.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / libxml2-python

Package

Name
libxml2-python
Purl
purl:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-0.64.4

Ecosystem specific

{
    "binaries": [
        {
            "libxml2": "2.7.6-0.64.1",
            "libxml2-32bit": "2.7.6-0.64.1",
            "libxml2-doc": "2.7.6-0.64.1",
            "libxml2-x86": "2.7.6-0.64.1",
            "libxml2-python": "2.7.6-0.64.4"
        }
    ]
}