SUSE-SU-2018:3081-1 -- SLES libxml2-debugsource, libxml2-2, libxml2-tools, python-libxml2ID: oval:org.secpod.oval:def:89043589 | Date: (C)2021-03-05 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint . - CVE-2018-14567: Prevent denial of service via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint . - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack . - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
Product: |
libxml2-debugsource |
libxml2-2 |
libxml2-tools |
python-libxml2 |