SUSE-SU-2013:1627-1: important: Security update for libxml2

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Nov 4 10:04:10 MST 2013


   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1627-1
Rating:             important
References:         #829077 
Cross-References:   CVE-2011-3102 CVE-2011-3919 CVE-2012-0841
                    CVE-2012-2807 CVE-2012-5134 CVE-2013-0338
                    CVE-2013-0339 CVE-2013-2877
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:


   libxml2 has been updated to fix the following security
   issue:

   * CVE-2013-0338: libxml2 allowed context-dependent
   attackers to cause a denial of service (CPU and memory
   consumption) via an XML file containing an entity
   declaration with long replacement text and many references
   to this entity, aka "internal entity expansion" with linear
   complexity.

   Security Issue references:

   * CVE-2013-0338
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
   >
   * CVE-2013-0339
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
   >
   * CVE-2012-5134
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
   >
   * CVE-2012-2807
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
   >
   * CVE-2011-3102
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
   >
   * CVE-2012-0841
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
   >
   * CVE-2011-3919
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
   >
   * CVE-2013-2877
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      libxml2-2.6.23-15.39.1
      libxml2-devel-2.6.23-15.39.1
      libxml2-python-2.6.23-15.39.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      libxml2-32bit-2.6.23-15.39.1
      libxml2-devel-32bit-2.6.23-15.39.1


References:

   http://support.novell.com/security/cve/CVE-2011-3102.html
   http://support.novell.com/security/cve/CVE-2011-3919.html
   http://support.novell.com/security/cve/CVE-2012-0841.html
   http://support.novell.com/security/cve/CVE-2012-2807.html
   http://support.novell.com/security/cve/CVE-2012-5134.html
   http://support.novell.com/security/cve/CVE-2013-0338.html
   http://support.novell.com/security/cve/CVE-2013-0339.html
   http://support.novell.com/security/cve/CVE-2013-2877.html
   https://bugzilla.novell.com/829077
   http://download.novell.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3bc77cc8



More information about the sle-security-updates mailing list