Security update for xmltooling SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1235-1 Final 1 1 2019-04-18T13:03:11Z current 2019-04-18T13:03:11Z 2019-04-18T13:03:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xmltooling This update for xmltooling fixes the following issues: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1235 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE/#O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE E-Mail link for openSUSE-SU-2019:1235-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1129537 SUSE Bug 1129537 https://www.suse.com/security/cve/CVE-2019-9628/ SUSE CVE CVE-2019-9628 page openSUSE Leap 15.0 libxmltooling-devel-1.6.4-lp150.2.3.1 libxmltooling7-1.6.4-lp150.2.3.1 xmltooling-schemas-1.6.4-lp150.2.3.1 libxmltooling-devel-1.6.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 libxmltooling7-1.6.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 xmltooling-schemas-1.6.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. CVE-2019-9628 openSUSE Leap 15.0:libxmltooling-devel-1.6.4-lp150.2.3.1 openSUSE Leap 15.0:libxmltooling7-1.6.4-lp150.2.3.1 openSUSE Leap 15.0:xmltooling-schemas-1.6.4-lp150.2.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE/#O7N5AKYN2B3HGTOARHBSRNN6OFMMTUGE https://www.suse.com/security/cve/CVE-2019-9628.html CVE-2019-9628 https://bugzilla.suse.com/1129537 SUSE Bug 1129537