[Forgot Password]
Login  Register Subscribe

23631

 
 

122494

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1538-1 -- Suse libxml2

ID: oval:org.secpod.oval:def:400734Date: (C)2016-11-22   (M)2017-11-27
Class: PATCHFamily: unix




This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter.

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
libxml2-2
Reference:
SUSE-SU-2016:1538-1
CVE-2015-8806
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-2073
CVE-2016-3705
CVE-2016-4447
CVE-2016-4448
CVE-2016-4449
CVE-2016-4483
CVE    15
CVE-2016-4483
CVE-2015-8806
CVE-2016-2073
CVE-2016-4449
...
CPE    26
cpe:/a:xmlsoft:libxml2
cpe:/o:apple:apple_tv:9.1
cpe:/a:ibm:lotus_protector_for_mail_security:2.8
cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1
...

© 2013 SecPod Technologies