SUSE-SU-2017:0164-1: moderate: Security update for libxml2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jan 16 11:27:21 MST 2017
SUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0164-1
Rating: moderate
References: #1010675 #1014873
Cross-References: CVE-2016-9318
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for libxml2 fixes the following issues:
* CVE-2016-9318: libxml2 did not offer a flag directly indicating that the
current document may be read but other files may not be opened, which
made it easier for remote attackers to conduct XML External Entity (XXE)
attacks via a crafted document (bsc#1010675).
* Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and
infinite recursion in xmlParseConditionalSections when in recovery
mode(bnc#1014873)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libxml2-12940=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-libxml2-12940=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-libxml2-12940=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libxml2-devel-2.7.6-0.64.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
libxml2-devel-32bit-2.7.6-0.64.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libxml2-2.7.6-0.64.1
libxml2-doc-2.7.6-0.64.1
libxml2-python-2.7.6-0.64.4
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libxml2-32bit-2.7.6-0.64.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
libxml2-x86-2.7.6-0.64.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libxml2-debuginfo-2.7.6-0.64.1
libxml2-debugsource-2.7.6-0.64.1
libxml2-python-debuginfo-2.7.6-0.64.4
libxml2-python-debugsource-2.7.6-0.64.4
References:
https://www.suse.com/security/cve/CVE-2016-9318.html
https://bugzilla.suse.com/1010675
https://bugzilla.suse.com/1014873
More information about the sle-security-updates
mailing list