SUSE-SU-2018:3080-1 -- SLES libxml, python-libxml2-python-debugsource, python2-libxml2-python, python3-libxml2-python| ID: oval:org.secpod.oval:def:89049770 | Date: (C)2023-12-20 (M)2024-04-17 |
| Class: PATCH | Family: unix |
This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint - CVE-2018-14567: Prevent denial of service via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack
| Platform: |
| SUSE Linux Enterprise Server 15 |
| SUSE Linux Enterprise Desktop 15 |
| Product: |
| libxml |
| python-libxml2-python-debugsource |
| python2-libxml2-python |
| python3-libxml2-python |
