Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3107-1 Final 1 1 2018-10-12T05:53:42Z current 2018-10-12T05:53:42Z 2018-10-12T05:53:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html E-Mail link for openSUSE-SU-2018:3107-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libxml2-2.9.4-18.1 libxml2-2-2.9.4-18.1 libxml2-2-32bit-2.9.4-18.1 libxml2-devel-2.9.4-18.1 libxml2-devel-32bit-2.9.4-18.1 libxml2-doc-2.9.4-18.1 libxml2-tools-2.9.4-18.1 python-libxml2-2.9.4-18.1 libxml2-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-2-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-2-32bit-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-devel-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-devel-32bit-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-doc-2.9.4-18.1 as a component of openSUSE Leap 42.3 libxml2-tools-2.9.4-18.1 as a component of openSUSE Leap 42.3 python-libxml2-2.9.4-18.1 as a component of openSUSE Leap 42.3 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. CVE-2017-18258 openSUSE Leap 42.3:libxml2-2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-doc-2.9.4-18.1 openSUSE Leap 42.3:libxml2-tools-2.9.4-18.1 openSUSE Leap 42.3:python-libxml2-2.9.4-18.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html https://www.suse.com/security/cve/CVE-2017-18258.html CVE-2017-18258 https://bugzilla.suse.com/1088279 SUSE Bug 1088279 https://bugzilla.suse.com/1088601 SUSE Bug 1088601 https://bugzilla.suse.com/1105166 SUSE Bug 1105166 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. CVE-2018-14404 openSUSE Leap 42.3:libxml2-2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-doc-2.9.4-18.1 openSUSE Leap 42.3:libxml2-tools-2.9.4-18.1 openSUSE Leap 42.3:python-libxml2-2.9.4-18.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html https://www.suse.com/security/cve/CVE-2018-14404.html CVE-2018-14404 https://bugzilla.suse.com/1102046 SUSE Bug 1102046 https://bugzilla.suse.com/1148896 SUSE Bug 1148896 libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. CVE-2018-14567 openSUSE Leap 42.3:libxml2-2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-doc-2.9.4-18.1 openSUSE Leap 42.3:libxml2-tools-2.9.4-18.1 openSUSE Leap 42.3:python-libxml2-2.9.4-18.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html https://www.suse.com/security/cve/CVE-2018-14567.html CVE-2018-14567 https://bugzilla.suse.com/1088279 SUSE Bug 1088279 https://bugzilla.suse.com/1088601 SUSE Bug 1088601 https://bugzilla.suse.com/1105166 SUSE Bug 1105166 The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. CVE-2018-9251 openSUSE Leap 42.3:libxml2-2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-2.9.4-18.1 openSUSE Leap 42.3:libxml2-devel-32bit-2.9.4-18.1 openSUSE Leap 42.3:libxml2-doc-2.9.4-18.1 openSUSE Leap 42.3:libxml2-tools-2.9.4-18.1 openSUSE Leap 42.3:python-libxml2-2.9.4-18.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html https://www.suse.com/security/cve/CVE-2018-9251.html CVE-2018-9251 https://bugzilla.suse.com/1088279 SUSE Bug 1088279 https://bugzilla.suse.com/1088601 SUSE Bug 1088601 https://bugzilla.suse.com/1105166 SUSE Bug 1105166