File _patchinfo of Package patchinfo.4815

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.4815

<patchinfo incident="4815">
  <issue id="1039069" tracker="bnc"></issue>
  <issue id="1039064" tracker="bnc">VUL-0: CVE-2017-9048: libxml2: stack overflow vulnerability strcat two more characters without checking whether the current strlen(buf) + 2 &lt; size (xmlSnprintfElementContent func in valid.c)</issue>
  <issue id="1039066" tracker="bnc">VUL-0: CVE-2017-9049: libxml2: heap-based buffer overflow (xmlDictComputeFastKey func)</issue>
  <issue id="1039661" tracker="bnc"> VUL-0: CVE-2017-9050: libxml2: heap-based buffer over-read in function xmlDictAddString</issue>
  <issue id="1039063" tracker="bnc">VUL-0: CVE-2017-9047: libxml2: stack overflow vulnerability (xmlSnprintfElementContent func in valid.c)</issue>
  <issue id="981114"  tracker="bnc">VUL-0: CVE-2016-1839: libxml2: Heap-based buffer overread in xmlDictAddString</issue>

<category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>
This update for libxml2 fixes the following issues:

- CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (bsc#1039063, bsc#1039064)
- CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read. (bsc#1039066)
- CVE-2017-9050: The function xmlDictAddString was vulnerable to a heap-based buffer over-read (bsc#1039661)
- CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func) (bnc#1039069)

</description>
  <summary>Security update for libxml2</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.4815

Places