SUSE-SU-2018:3080-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3080-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:3080-1
- Related
- Published
- 2018-10-09T09:08:39Z
- Modified
- 2018-10-09T09:08:39Z
- Summary
- Security update for libxml2
- Details
-
This update for libxml2 fixes the following security issues:
- CVE-2018-9251: The xzdecomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMAMEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case leading to a denial of service attack (bsc#1102046)
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20183080-1/
- https://bugzilla.suse.com/1088279
- https://bugzilla.suse.com/1102046
- https://bugzilla.suse.com/1105166
- https://www.suse.com/security/cve/CVE-2018-14404
- https://www.suse.com/security/cve/CVE-2018-14567
- https://www.suse.com/security/cve/CVE-2018-9251
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 / libxml2
Package
- Name
- libxml2
- Purl
- purl:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015