Security update for libxml2

Announcement ID:	SUSE-SU-2016:0049-1
Rating:	moderate
References:	bsc#928193 bsc#951734 bsc#951735 bsc#954429 bsc#956018 bsc#956021 bsc#956260 bsc#957105 bsc#957106 bsc#957107 bsc#957109 bsc#957110
Cross-References:	CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1

An update that solves 12 vulnerabilities can now be installed.

Description:

• security update: This update fixes the following security issues:

  • CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
  • CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
  • CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
  • CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
  • CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
  • CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
  • CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
  • CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
  • CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
  • CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
  • CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]
  • CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]
  • CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-38=1
• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2016-38=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2016-38=1
• SUSE Linux Enterprise Software Development Kit 12 SP1
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-38=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2016-38=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2016-38=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-38=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-38=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • libxml2-2-32bit-2.9.1-13.1
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Desktop 12 (x86_64)
  • libxml2-2-32bit-2.9.1-13.1
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-devel-2.9.1-13.1
• SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-devel-2.9.1-13.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Server 12 (noarch)
  • libxml2-doc-2.9.1-13.1
• SUSE Linux Enterprise Server 12 (s390x x86_64)
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • libxml2-2-32bit-2.9.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • libxml2-2-32bit-2.9.1-13.1
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
  • libxml2-doc-2.9.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • libxml2-doc-2.9.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • libxml2-2-32bit-2.9.1-13.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • libxml2-2-2.9.1-13.1
  • libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-2.9.1-13.1
  • python-libxml2-debugsource-2.9.1-13.1
  • libxml2-tools-debuginfo-2.9.1-13.1
  • python-libxml2-2.9.1-13.1
  • python-libxml2-debuginfo-2.9.1-13.1
  • libxml2-2-debuginfo-2.9.1-13.1
• SUSE Linux Enterprise Server 12 SP1 (noarch)
  • libxml2-doc-2.9.1-13.1
• SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
  • libxml2-2-debuginfo-32bit-2.9.1-13.1
  • libxml2-2-32bit-2.9.1-13.1

References:

• https://www.suse.com/security/cve/CVE-2015-1819.html
• https://www.suse.com/security/cve/CVE-2015-5312.html
• https://www.suse.com/security/cve/CVE-2015-7497.html
• https://www.suse.com/security/cve/CVE-2015-7498.html
• https://www.suse.com/security/cve/CVE-2015-7499.html
• https://www.suse.com/security/cve/CVE-2015-7500.html
• https://www.suse.com/security/cve/CVE-2015-7941.html
• https://www.suse.com/security/cve/CVE-2015-7942.html
• https://www.suse.com/security/cve/CVE-2015-8035.html
• https://www.suse.com/security/cve/CVE-2015-8241.html
• https://www.suse.com/security/cve/CVE-2015-8242.html
• https://www.suse.com/security/cve/CVE-2015-8317.html
• https://bugzilla.suse.com/show_bug.cgi?id=928193
• https://bugzilla.suse.com/show_bug.cgi?id=951734
• https://bugzilla.suse.com/show_bug.cgi?id=951735
• https://bugzilla.suse.com/show_bug.cgi?id=954429
• https://bugzilla.suse.com/show_bug.cgi?id=956018
• https://bugzilla.suse.com/show_bug.cgi?id=956021
• https://bugzilla.suse.com/show_bug.cgi?id=956260
• https://bugzilla.suse.com/show_bug.cgi?id=957105
• https://bugzilla.suse.com/show_bug.cgi?id=957106
• https://bugzilla.suse.com/show_bug.cgi?id=957107
• https://bugzilla.suse.com/show_bug.cgi?id=957109
• https://bugzilla.suse.com/show_bug.cgi?id=957110