Bugzilla – Bug 1078806
VUL-0: CVE-2017-5130: libxml2: remote buffer overflow
Last modified: 2019-09-25 17:55:16 UTC
Details via rh analysis:
The affected function xmlMemoryStrdup() is a debug-only function that should never be called in production builds. The only exception is xmllint when invoked with --maxmem.
The same issue applies to
  xmlMallocLoc
  xmlReallocLoc
This issue is fixed via the following upstream commit:
  https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
Referenced at:
  https://bugzilla.gnome.org/show_bug.cgi?id=783026 (currently private)
I can access https://bugzilla.gnome.org/show_bug.cgi?id=783026 for details (when logged in).
Packages submitted:
  openSUSE:Factory         2.9.7   Fixed upstream
  SUSE:SLE-15              2.9.7   Fixed upstream
  SUSE:SLE-12-SP2:Update   2.9.4   libxml2-2.9.4-CVE-2017-5130.patch    sr#153759
  SUSE:SLE-11-SP1:Update   2.7.6   libxml2-2.7.6-CVE-2017-5130.patch    sr#153763
  SUSE:SLE-10-SP3:Update   2.6.23  libxml2-2.6.23-CVE-2017-5130.patch   sr#153764
Created attachment 758615: Patches for SLE-1{0,1,2}
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-02-20. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63962
SUSE-SU-2018:0395-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1069689,1077993,1078806,1078813
CVE References: CVE-2016-5131,CVE-2017-15412,CVE-2017-16932,CVE-2017-5130
Sources used:
  SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libxml2-2.7.6-0.77.10.1
  SUSE Linux Enterprise Server 11-SP4 (src): libxml2-2.7.6-0.77.10.1, libxml2-python-2.7.6-0.77.10.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): libxml2-2.7.6-0.77.10.1, libxml2-python-2.7.6-0.77.10.1
SUSE-SU-2018:0401-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1077993,1078806,1078813
CVE References: CVE-2016-5131,CVE-2017-15412,CVE-2017-5130
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Software Development Kit 12-SP2 (src): libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): libxml2-2.9.4-46.12.1, python-libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Server 12-SP3 (src): libxml2-2.9.4-46.12.1, python-libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Server 12-SP2 (src): libxml2-2.9.4-46.12.1, python-libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Desktop 12-SP3 (src): libxml2-2.9.4-46.12.1, python-libxml2-2.9.4-46.12.1
  SUSE Linux Enterprise Desktop 12-SP2 (src): libxml2-2.9.4-46.12.1, python-libxml2-2.9.4-46.12.1
  SUSE CaaS Platform ALL (src): libxml2-2.9.4-46.12.1
  OpenStack Cloud Magnum Orchestration 7 (src): libxml2-2.9.4-46.12.1
openSUSE-SU-2018:0418-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1077993,1078806,1078813
CVE References: CVE-2016-5131,CVE-2017-15412,CVE-2017-5130
Sources used:
  openSUSE Leap 42.3 (src): libxml2-2.9.4-15.1, python-libxml2-2.9.4-15.1
released