SUSE-CU-2023:1308-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Apr 28 07:12:27 UTC 2023


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1308-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.288
Container Release     : 9.5.288
Severity              : important
Type                  : security
References            : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824
                        CVE-2023-28484 CVE-2023-29469 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released:    Wed Apr 26 21:05:45 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
  
  The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . 


The following package changes have been done:

- libxml2-2-2.9.7-150000.3.57.1 updated


More information about the sle-security-updates mailing list