SUSE-SU-2017:0164-1: moderate: Security update for libxml2

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Jan 16 11:27:21 MST 2017


   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0164-1
Rating:             moderate
References:         #1010675 #1014873 
Cross-References:   CVE-2016-9318
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update for libxml2 fixes the following issues:

   * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the
     current document may be read but other files may not be opened, which
     made it easier for remote attackers to conduct XML External Entity (XXE)
     attacks via a crafted document (bsc#1010675).
   * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and
     infinite recursion in xmlParseConditionalSections when in recovery
     mode(bnc#1014873)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libxml2-12940=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libxml2-12940=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libxml2-12940=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.64.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.64.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.64.1
      libxml2-doc-2.7.6-0.64.1
      libxml2-python-2.7.6-0.64.4

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libxml2-32bit-2.7.6-0.64.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libxml2-x86-2.7.6-0.64.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-debuginfo-2.7.6-0.64.1
      libxml2-debugsource-2.7.6-0.64.1
      libxml2-python-debuginfo-2.7.6-0.64.4
      libxml2-python-debugsource-2.7.6-0.64.4


References:

   https://www.suse.com/security/cve/CVE-2016-9318.html
   https://bugzilla.suse.com/1010675
   https://bugzilla.suse.com/1014873



More information about the sle-updates mailing list