Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1510-1 Final 1 1 2017-06-08T10:14:54Z current 2017-06-08T10:14:54Z 2017-06-08T10:14:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (bsc#1039063, bsc#1039064) - CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read. (bsc#1039066) - CVE-2017-9050: The function xmlDictAddString was vulnerable to a heap-based buffer over-read (bsc#1039661) - CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func) (bnc#1039069) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html E-Mail link for openSUSE-SU-2017:1510-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 libxml2-2.9.4-5.3.1 libxml2-2-2.9.4-5.3.1 libxml2-2-32bit-2.9.4-5.3.1 libxml2-devel-2.9.4-5.3.1 libxml2-devel-32bit-2.9.4-5.3.1 libxml2-doc-2.9.4-5.3.1 libxml2-tools-2.9.4-5.3.1 python-libxml2-2.9.4-5.3.1 libxml2-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-2-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-2-32bit-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-devel-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-devel-32bit-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-doc-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 libxml2-tools-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 python-libxml2-2.9.4-5.3.1 as a component of openSUSE Leap 42.2 The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-1839 openSUSE Leap 42.2:libxml2-2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-doc-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-tools-2.9.4-5.3.1 openSUSE Leap 42.2:python-libxml2-2.9.4-5.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html https://www.suse.com/security/cve/CVE-2016-1839.html CVE-2016-1839 https://bugzilla.suse.com/1039069 SUSE Bug 1039069 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://bugzilla.suse.com/1069433 SUSE Bug 1069433 https://bugzilla.suse.com/1069690 SUSE Bug 1069690 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/963963 SUSE Bug 963963 https://bugzilla.suse.com/981114 SUSE Bug 981114 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE-2017-9047 openSUSE Leap 42.2:libxml2-2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-doc-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-tools-2.9.4-5.3.1 openSUSE Leap 42.2:python-libxml2-2.9.4-5.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html https://www.suse.com/security/cve/CVE-2017-9047.html CVE-2017-9047 https://bugzilla.suse.com/1039063 SUSE Bug 1039063 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039657 SUSE Bug 1039657 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE-2017-9048 openSUSE Leap 42.2:libxml2-2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-doc-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-tools-2.9.4-5.3.1 openSUSE Leap 42.2:python-libxml2-2.9.4-5.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html https://www.suse.com/security/cve/CVE-2017-9048.html CVE-2017-9048 https://bugzilla.suse.com/1039064 SUSE Bug 1039064 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039658 SUSE Bug 1039658 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. CVE-2017-9049 openSUSE Leap 42.2:libxml2-2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-doc-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-tools-2.9.4-5.3.1 openSUSE Leap 42.2:python-libxml2-2.9.4-5.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html https://www.suse.com/security/cve/CVE-2017-9049.html CVE-2017-9049 https://bugzilla.suse.com/1039063 SUSE Bug 1039063 https://bugzilla.suse.com/1039064 SUSE Bug 1039064 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039659 SUSE Bug 1039659 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://bugzilla.suse.com/1069690 SUSE Bug 1069690 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. CVE-2017-9050 openSUSE Leap 42.2:libxml2-2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-devel-32bit-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-doc-2.9.4-5.3.1 openSUSE Leap 42.2:libxml2-tools-2.9.4-5.3.1 openSUSE Leap 42.2:python-libxml2-2.9.4-5.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00022.html https://www.suse.com/security/cve/CVE-2017-9050.html CVE-2017-9050 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039069 SUSE Bug 1039069 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://bugzilla.suse.com/1069433 SUSE Bug 1069433 https://bugzilla.suse.com/1069690 SUSE Bug 1069690 https://bugzilla.suse.com/1123919 SUSE Bug 1123919