Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1587-1 Final 1 1 2017-06-16T15:00:38Z current 2017-06-16T15:00:38Z 2017-06-16T15:00:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-2017-975,SUSE-SLE-SAP-12-SP1-2017-975,SUSE-SLE-SERVER-12-2017-975,SUSE-SLE-SERVER-12-SP1-2017-975 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/ Link for SUSE-SU-2017:1587-1 https://lists.suse.com/pipermail/sle-security-updates/2017-June/002950.html E-Mail link for SUSE-SU-2017:1587-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1039063 SUSE Bug 1039063 https://bugzilla.suse.com/1039064 SUSE Bug 1039064 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039069 SUSE Bug 1039069 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://www.suse.com/security/cve/CVE-2017-9047/ SUSE CVE CVE-2017-9047 page https://www.suse.com/security/cve/CVE-2017-9048/ SUSE CVE CVE-2017-9048 page https://www.suse.com/security/cve/CVE-2017-9049/ SUSE CVE CVE-2017-9049 page https://www.suse.com/security/cve/CVE-2017-9050/ SUSE CVE CVE-2017-9050 page SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 libxml2-2-2.9.1-26.15.1 libxml2-2-32bit-2.9.1-26.15.1 libxml2-doc-2.9.1-26.15.1 libxml2-tools-2.9.1-26.15.1 python-libxml2-2.9.1-26.15.1 libxml2-2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libxml2-2-32bit-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libxml2-doc-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libxml2-tools-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS python-libxml2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libxml2-2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12-LTSS libxml2-2-32bit-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12-LTSS libxml2-doc-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12-LTSS libxml2-tools-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12-LTSS python-libxml2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server 12-LTSS libxml2-2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libxml2-2-32bit-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libxml2-doc-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libxml2-tools-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 python-libxml2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libxml2-2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libxml2-2-32bit-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libxml2-doc-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libxml2-tools-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-libxml2-2.9.1-26.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE-2017-9047 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-26.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/ https://www.suse.com/security/cve/CVE-2017-9047.html CVE-2017-9047 https://bugzilla.suse.com/1039063 SUSE Bug 1039063 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039657 SUSE Bug 1039657 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE-2017-9048 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-26.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/ https://www.suse.com/security/cve/CVE-2017-9048.html CVE-2017-9048 https://bugzilla.suse.com/1039064 SUSE Bug 1039064 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039658 SUSE Bug 1039658 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. CVE-2017-9049 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-26.15.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/ https://www.suse.com/security/cve/CVE-2017-9049.html CVE-2017-9049 https://bugzilla.suse.com/1039063 SUSE Bug 1039063 https://bugzilla.suse.com/1039064 SUSE Bug 1039064 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039659 SUSE Bug 1039659 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://bugzilla.suse.com/1069690 SUSE Bug 1069690 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. CVE-2017-9050 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12 SP1-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server 12-LTSS:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-26.15.1 SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-26.15.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/ https://www.suse.com/security/cve/CVE-2017-9050.html CVE-2017-9050 https://bugzilla.suse.com/1039066 SUSE Bug 1039066 https://bugzilla.suse.com/1039069 SUSE Bug 1039069 https://bugzilla.suse.com/1039661 SUSE Bug 1039661 https://bugzilla.suse.com/1069433 SUSE Bug 1069433 https://bugzilla.suse.com/1069690 SUSE Bug 1069690 https://bugzilla.suse.com/1123919 SUSE Bug 1123919