Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-8035
Vulnerability from cvelistv5
Published
2015-11-18 16:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:06:31.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "APPLE-SA-2016-03-21-5", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "openSUSE-SU-2016:0106", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206167", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206168", }, { name: "DSA-3430", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3430", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { name: "APPLE-SA-2016-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xmlsoft.org/news.html", }, { name: "FEDORA-2016-a9ee80b01d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2016:1089", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { name: "APPLE-SA-2016-03-21-2", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "1034243", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034243", }, { name: "USN-2812-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2812-1", }, { name: "[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { name: "FEDORA-2016-189a7bf68c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { name: "[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { name: "GLSA-201701-37", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-37", }, { name: "77390", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77390", }, { name: "openSUSE-SU-2015:2372", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { name: "APPLE-SA-2016-03-21-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206169", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206166", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-02T00:00:00", descriptions: [ { lang: "en", value: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-13T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "APPLE-SA-2016-03-21-5", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "openSUSE-SU-2016:0106", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206167", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206168", }, { name: "DSA-3430", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3430", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { name: "APPLE-SA-2016-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xmlsoft.org/news.html", }, { name: "FEDORA-2016-a9ee80b01d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2016:1089", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { name: "APPLE-SA-2016-03-21-2", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "1034243", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034243", }, { name: "USN-2812-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2812-1", }, { name: "[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { name: "FEDORA-2016-189a7bf68c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { name: "[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { name: "GLSA-201701-37", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201701-37", }, { name: "77390", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77390", }, { name: "openSUSE-SU-2015:2372", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { name: "APPLE-SA-2016-03-21-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206169", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206166", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8035", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "APPLE-SA-2016-03-21-5", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "openSUSE-SU-2016:0106", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { name: "https://support.apple.com/HT206167", refsource: "CONFIRM", url: "https://support.apple.com/HT206167", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", url: "https://support.apple.com/HT206168", }, { name: "DSA-3430", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3430", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { name: "APPLE-SA-2016-03-21-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { name: "http://xmlsoft.org/news.html", refsource: "CONFIRM", url: "http://xmlsoft.org/news.html", }, { name: "FEDORA-2016-a9ee80b01d", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2016:1089", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "1034243", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034243", }, { name: "USN-2812-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2812-1", }, { name: "[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { name: "FEDORA-2016-189a7bf68c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { name: "[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { name: "GLSA-201701-37", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-37", }, { name: "77390", refsource: "BID", url: "http://www.securityfocus.com/bid/77390", }, { name: "openSUSE-SU-2015:2372", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { name: "APPLE-SA-2016-03-21-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { name: "https://support.apple.com/HT206169", refsource: "CONFIRM", url: "https://support.apple.com/HT206169", }, { name: "https://support.apple.com/HT206166", refsource: "CONFIRM", url: "https://support.apple.com/HT206166", }, { name: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", refsource: "CONFIRM", url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8035", datePublished: "2015-11-18T16:00:00", dateReserved: "2015-11-02T00:00:00", dateUpdated: "2024-08-06T08:06:31.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1C1561E-1CEA-490B-B0C4-D33AA6340E24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2.1\", \"matchCriteriaId\": \"080450EA-85C1-454D-98F9-5286D69CF237\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.11.3\", \"matchCriteriaId\": \"D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.1\", \"matchCriteriaId\": \"B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1\", \"matchCriteriaId\": \"FBF14807-BA21-480B-9ED0-A6D53352E87F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresi\\u00f3n, lo que permite a atacantes dependientes del contexto causar una denegaci\\u00f3n de servicio (cuelgue del proceso) a trav\\u00e9s de datos XML manipulados.\"}]", id: "CVE-2015-8035", lastModified: "2024-11-21T02:37:53.517", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2015-11-18T16:59:09.883", references: "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1089.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3430\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/02/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/02/4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/03/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/77390\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1034243\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2812-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://xmlsoft.org/news.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=757466\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-37\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206166\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206167\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206168\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206169\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1089.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/02/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/02/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/11/03/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/77390\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2812-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xmlsoft.org/news.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=757466\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-37\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2015-8035\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-11-18T16:59:09.883\",\"lastModified\":\"2024-11-21T02:37:53.517\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\"},{\"lang\":\"es\",\"value\":\"La función xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresión, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cuelgue del proceso) a través de datos XML manipulados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1C1561E-1CEA-490B-B0C4-D33AA6340E24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.1\",\"matchCriteriaId\":\"080450EA-85C1-454D-98F9-5286D69CF237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.3\",\"matchCriteriaId\":\"D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.1\",\"matchCriteriaId\":\"B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1\",\"matchCriteriaId\":\"FBF14807-BA21-480B-9ED0-A6D53352E87F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1089.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3430\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/02/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/02/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/03/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/77390\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034243\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2812-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xmlsoft.org/news.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=757466\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201701-37\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206166\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206168\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206169\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1089.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/02/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/02/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/11/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/77390\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2812-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xmlsoft.org/news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=757466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
RHBA-2020:1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:09+00:00", generator: { date: "2025-03-15T20:39:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhba-2020:1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:09+00:00", generator: { date: "2025-03-15T20:39:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
RHSA-2020:1190
Vulnerability from csaf_redhat
Published
2020-03-31 20:22
Modified
2025-01-09 05:39
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1190", url: "https://access.redhat.com/errata/RHSA-2020:1190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1190.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T05:39:41+00:00", generator: { date: "2025-01-09T05:39:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2020:1190", initial_release_date: "2020-03-31T20:22:50+00:00", revision_history: [ { date: "2020-03-31T20:22:50+00:00", number: "1", summary: "Initial version", }, { date: "2020-03-31T20:22:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:39:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-0:2.9.1-6.el7.4.s390", product_id: "libxml2-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-static-0:2.9.1-6.el7.4.i686", product_id: "libxml2-static-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-0:2.9.1-6.el7.4.i686", product_id: "libxml2-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_id: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.src", product: { name: "libxml2-0:2.9.1-6.el7.4.src", product_id: "libxml2-0:2.9.1-6.el7.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, ], }, vulnerabilities: [ { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, ], }
rhba-2020:1540
Vulnerability from csaf_redhat
Published
2020-04-22 13:21
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Details
* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Fixed event hostnames to be recorded for playbooks run on isolated nodes
* Fixed a PostgreSQL issue that caused upgrade failures in certain situations
* Fixed the search for Source Control credentials in the Tower user interface
* Fixed a performance issue to no longer delay the output of project updates for certain users
* Fixed the installations to no longer fail with admin passwords that contain certain special characters
* Fixed the start time to correctly set for approval notifications
* Fixed an inconsistency in gathered inventory analytics
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated single sign-on integration to address several upcoming GitHub API deprecations
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
* Updated translations
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity\n* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Fixed event hostnames to be recorded for playbooks run on isolated nodes\n* Fixed a PostgreSQL issue that caused upgrade failures in certain situations\n* Fixed the search for Source Control credentials in the Tower user interface\n* Fixed a performance issue to no longer delay the output of project updates for certain users\n* Fixed the installations to no longer fail with admin passwords that contain certain special characters\n* Fixed the start time to correctly set for approval notifications\n* Fixed an inconsistency in gathered inventory analytics\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated single sign-on integration to address several upcoming GitHub API deprecations\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109\n* Updated translations", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1540", url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1540.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:18+00:00", generator: { date: "2025-03-15T20:39:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1540", initial_release_date: "2020-04-22T13:21:59+00:00", revision_history: [ { date: "2020-04-22T13:21:59+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:21:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.6 for RHEL 7", product: { name: "Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_id: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f?arch=amd64&repository_url=registry.redhat.io/ansible-tower-36/ansible-tower&tag=3.6.4-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", }, product_reference: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, { acknowledgments: [ { names: [ "Rihards Olups", ], }, ], cve: "CVE-2020-10729", cwe: { id: "CWE-330", name: "Use of Insufficiently Random Values", }, discovery_date: "2020-05-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1831089", }, ], notes: [ { category: "description", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: two random password lookups in same task return same value", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "RHBZ#1831089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10729", url: "https://www.cve.org/CVERecord?id=CVE-2020-10729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", }, { category: "external", summary: "https://github.com/ansible/ansible/issues/34144", url: "https://github.com/ansible/ansible/issues/34144", }, ], release_date: "2017-12-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: two random password lookups in same task return same value", }, ], }
RHBA-2020:1540
Vulnerability from csaf_redhat
Published
2020-04-22 13:21
Modified
2025-03-15 20:39
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Details
* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Fixed event hostnames to be recorded for playbooks run on isolated nodes
* Fixed a PostgreSQL issue that caused upgrade failures in certain situations
* Fixed the search for Source Control credentials in the Tower user interface
* Fixed a performance issue to no longer delay the output of project updates for certain users
* Fixed the installations to no longer fail with admin passwords that contain certain special characters
* Fixed the start time to correctly set for approval notifications
* Fixed an inconsistency in gathered inventory analytics
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated single sign-on integration to address several upcoming GitHub API deprecations
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
* Updated translations
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity\n* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Fixed event hostnames to be recorded for playbooks run on isolated nodes\n* Fixed a PostgreSQL issue that caused upgrade failures in certain situations\n* Fixed the search for Source Control credentials in the Tower user interface\n* Fixed a performance issue to no longer delay the output of project updates for certain users\n* Fixed the installations to no longer fail with admin passwords that contain certain special characters\n* Fixed the start time to correctly set for approval notifications\n* Fixed an inconsistency in gathered inventory analytics\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated single sign-on integration to address several upcoming GitHub API deprecations\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109\n* Updated translations", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1540", url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1540.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", tracking: { current_release_date: "2025-03-15T20:39:18+00:00", generator: { date: "2025-03-15T20:39:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2020:1540", initial_release_date: "2020-04-22T13:21:59+00:00", revision_history: [ { date: "2020-04-22T13:21:59+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:21:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T20:39:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.6 for RHEL 7", product: { name: "Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_id: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f?arch=amd64&repository_url=registry.redhat.io/ansible-tower-36/ansible-tower&tag=3.6.4-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", }, product_reference: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, { acknowledgments: [ { names: [ "Rihards Olups", ], }, ], cve: "CVE-2020-10729", cwe: { id: "CWE-330", name: "Use of Insufficiently Random Values", }, discovery_date: "2020-05-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1831089", }, ], notes: [ { category: "description", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: two random password lookups in same task return same value", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "RHBZ#1831089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10729", url: "https://www.cve.org/CVERecord?id=CVE-2020-10729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", }, { category: "external", summary: "https://github.com/ansible/ansible/issues/34144", url: "https://github.com/ansible/ansible/issues/34144", }, ], release_date: "2017-12-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: two random password lookups in same task return same value", }, ], }
rhsa-2016_1089
Vulnerability from csaf_redhat
Published
2016-05-17 16:12
Modified
2024-11-22 10:00
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update
Notes
Topic
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.
Security Fix(es):
* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.\n\nSecurity Fix(es):\n\n* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1089", url: "https://access.redhat.com/errata/RHSA-2016:1089", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", url: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", }, { category: "external", summary: "1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "JWS-271", url: "https://issues.redhat.com/browse/JWS-271", }, { category: "external", summary: "JWS-272", url: "https://issues.redhat.com/browse/JWS-272", }, { category: "external", summary: "JWS-276", url: "https://issues.redhat.com/browse/JWS-276", }, { category: "external", summary: "JWS-277", url: "https://issues.redhat.com/browse/JWS-277", }, { category: "external", summary: "JWS-303", url: "https://issues.redhat.com/browse/JWS-303", }, { category: "external", summary: "JWS-304", url: "https://issues.redhat.com/browse/JWS-304", }, { category: "external", summary: "JWS-349", url: "https://issues.redhat.com/browse/JWS-349", }, { category: "external", summary: "JWS-350", url: "https://issues.redhat.com/browse/JWS-350", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1089.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update", tracking: { current_release_date: "2024-11-22T10:00:11+00:00", generator: { date: "2024-11-22T10:00:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:1089", initial_release_date: "2016-05-17T16:12:21+00:00", revision_history: [ { date: "2016-05-17T16:12:21+00:00", number: "1", summary: "Initial version", }, { date: "2016-05-17T16:12:21+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:00:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 3.0", product: { name: "Red Hat JBoss Web Server 3.0", product_id: "Red Hat JBoss Web Server 3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:3.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-0209", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2015-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1196737", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported.", title: "Vulnerability description", }, { category: "summary", text: "openssl: use-after-free on invalid EC private key import", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-0209", }, { category: "external", summary: "RHBZ#1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-0209", url: "https://www.cve.org/CVERecord?id=CVE-2015-0209", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", }, { category: "external", summary: "https://access.redhat.com/articles/1384453", url: "https://access.redhat.com/articles/1384453", }, { category: "external", summary: "https://openssl.org/news/secadv_20150319.txt", url: "https://openssl.org/news/secadv_20150319.txt", }, ], release_date: "2015-02-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: use-after-free on invalid EC private key import", }, { cve: "CVE-2015-5312", discovery_date: "2015-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276693", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: CPU exhaustion when processing specially crafted XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "RHBZ#1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5312", url: "https://www.cve.org/CVERecord?id=CVE-2015-5312", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: CPU exhaustion when processing specially crafted XML input", }, { cve: "CVE-2015-5345", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311089", }, ], notes: [ { category: "description", text: "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: directory disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5345", }, { category: "external", summary: "RHBZ#1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5345", url: "https://www.cve.org/CVERecord?id=CVE-2015-5345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/146", url: "http://seclists.org/bugtraq/2016/Feb/146", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: directory disclosure", }, { cve: "CVE-2015-5346", discovery_date: "2014-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311085", }, ], notes: [ { category: "description", text: "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Session fixation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5346", }, { category: "external", summary: "RHBZ#1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5346", url: "https://www.cve.org/CVERecord?id=CVE-2015-5346", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/143", url: "http://seclists.org/bugtraq/2016/Feb/143", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Session fixation", }, { cve: "CVE-2015-5351", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311076", }, ], notes: [ { category: "description", text: "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: CSRF token leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5351", }, { category: "external", summary: "RHBZ#1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5351", url: "https://www.cve.org/CVERecord?id=CVE-2015-5351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/148", url: "http://seclists.org/bugtraq/2016/Feb/148", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: CSRF token leak", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7497", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281862", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "RHBZ#1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7497", url: "https://www.cve.org/CVERecord?id=CVE-2015-7497", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7498", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281879", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "RHBZ#1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7498", url: "https://www.cve.org/CVERecord?id=CVE-2015-7498", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7499", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281925", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlGROW", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "RHBZ#1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7499", url: "https://www.cve.org/CVERecord?id=CVE-2015-7499", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlGROW", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281943", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap buffer overflow in xmlParseMisc", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "RHBZ#1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7500", url: "https://www.cve.org/CVERecord?id=CVE-2015-7500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap buffer overflow in xmlParseMisc", }, { cve: "CVE-2015-7941", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1274222", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds memory access", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "RHBZ#1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7941", url: "https://www.cve.org/CVERecord?id=CVE-2015-7941", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", }, ], release_date: "2015-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds memory access", }, { cve: "CVE-2015-7942", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276297", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "RHBZ#1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7942", url: "https://www.cve.org/CVERecord?id=CVE-2015-7942", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", }, ], release_date: "2015-10-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8241", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281936", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with XML parser in xmlNextChar", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "RHBZ#1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8241", url: "https://www.cve.org/CVERecord?id=CVE-2015-8241", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", }, ], release_date: "2015-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with XML parser in xmlNextChar", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8242", discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281950", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "RHBZ#1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8242", url: "https://www.cve.org/CVERecord?id=CVE-2015-8242", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", }, ], release_date: "2015-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hanno Boeck", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8317", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281930", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "RHBZ#1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8317", url: "https://www.cve.org/CVERecord?id=CVE-2015-8317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", }, ], release_date: "2015-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", }, { cve: "CVE-2015-8710", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2015-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213957", }, ], notes: [ { category: "description", text: "It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8710", }, { category: "external", summary: "RHBZ#1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8710", url: "https://www.cve.org/CVERecord?id=CVE-2015-8710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", }, ], release_date: "2015-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", }, { cve: "CVE-2016-0706", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311087", }, ], notes: [ { category: "description", text: "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via StatusManagerServlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0706", }, { category: "external", summary: "RHBZ#1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0706", url: "https://www.cve.org/CVERecord?id=CVE-2016-0706", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/144", url: "http://seclists.org/bugtraq/2016/Feb/144", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: security manager bypass via StatusManagerServlet", }, { cve: "CVE-2016-0714", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311082", }, ], notes: [ { category: "description", text: "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Security Manager bypass via persistence mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0714", }, { category: "external", summary: "RHBZ#1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0714", url: "https://www.cve.org/CVERecord?id=CVE-2016-0714", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/145", url: "http://seclists.org/bugtraq/2016/Feb/145", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Security Manager bypass via persistence mechanisms", }, { cve: "CVE-2016-0763", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311093", }, ], notes: [ { category: "description", text: "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via setGlobalContext()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0763", }, { category: "external", summary: "RHBZ#1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0763", url: "https://www.cve.org/CVERecord?id=CVE-2016-0763", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/147", url: "http://seclists.org/bugtraq/2016/Feb/147", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: security manager bypass via setGlobalContext()", }, ], }
RHSA-2016:1089
Vulnerability from csaf_redhat
Published
2016-05-17 16:12
Modified
2025-01-09 05:25
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update
Notes
Topic
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.
Security Fix(es):
* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.\n\nSecurity Fix(es):\n\n* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1089", url: "https://access.redhat.com/errata/RHSA-2016:1089", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", url: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", }, { category: "external", summary: "1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "JWS-271", url: "https://issues.redhat.com/browse/JWS-271", }, { category: "external", summary: "JWS-272", url: "https://issues.redhat.com/browse/JWS-272", }, { category: "external", summary: "JWS-276", url: "https://issues.redhat.com/browse/JWS-276", }, { category: "external", summary: "JWS-277", url: "https://issues.redhat.com/browse/JWS-277", }, { category: "external", summary: "JWS-303", url: "https://issues.redhat.com/browse/JWS-303", }, { category: "external", summary: "JWS-304", url: "https://issues.redhat.com/browse/JWS-304", }, { category: "external", summary: "JWS-349", url: "https://issues.redhat.com/browse/JWS-349", }, { category: "external", summary: "JWS-350", url: "https://issues.redhat.com/browse/JWS-350", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1089.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update", tracking: { current_release_date: "2025-01-09T05:25:49+00:00", generator: { date: "2025-01-09T05:25:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2016:1089", initial_release_date: "2016-05-17T16:12:21+00:00", revision_history: [ { date: "2016-05-17T16:12:21+00:00", number: "1", summary: "Initial version", }, { date: "2016-05-17T16:12:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:25:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 3.0", product: { name: "Red Hat JBoss Web Server 3.0", product_id: "Red Hat JBoss Web Server 3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:3.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-0209", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2015-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1196737", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported.", title: "Vulnerability description", }, { category: "summary", text: "openssl: use-after-free on invalid EC private key import", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-0209", }, { category: "external", summary: "RHBZ#1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-0209", url: "https://www.cve.org/CVERecord?id=CVE-2015-0209", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", }, { category: "external", summary: "https://access.redhat.com/articles/1384453", url: "https://access.redhat.com/articles/1384453", }, { category: "external", summary: "https://openssl.org/news/secadv_20150319.txt", url: "https://openssl.org/news/secadv_20150319.txt", }, ], release_date: "2015-02-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: use-after-free on invalid EC private key import", }, { cve: "CVE-2015-5312", discovery_date: "2015-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276693", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: CPU exhaustion when processing specially crafted XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "RHBZ#1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5312", url: "https://www.cve.org/CVERecord?id=CVE-2015-5312", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: CPU exhaustion when processing specially crafted XML input", }, { cve: "CVE-2015-5345", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311089", }, ], notes: [ { category: "description", text: "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: directory disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5345", }, { category: "external", summary: "RHBZ#1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5345", url: "https://www.cve.org/CVERecord?id=CVE-2015-5345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/146", url: "http://seclists.org/bugtraq/2016/Feb/146", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: directory disclosure", }, { cve: "CVE-2015-5346", discovery_date: "2014-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311085", }, ], notes: [ { category: "description", text: "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Session fixation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5346", }, { category: "external", summary: "RHBZ#1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5346", url: "https://www.cve.org/CVERecord?id=CVE-2015-5346", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/143", url: "http://seclists.org/bugtraq/2016/Feb/143", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Session fixation", }, { cve: "CVE-2015-5351", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311076", }, ], notes: [ { category: "description", text: "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: CSRF token leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5351", }, { category: "external", summary: "RHBZ#1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5351", url: "https://www.cve.org/CVERecord?id=CVE-2015-5351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/148", url: "http://seclists.org/bugtraq/2016/Feb/148", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: CSRF token leak", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7497", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281862", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "RHBZ#1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7497", url: "https://www.cve.org/CVERecord?id=CVE-2015-7497", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7498", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281879", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "RHBZ#1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7498", url: "https://www.cve.org/CVERecord?id=CVE-2015-7498", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7499", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281925", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlGROW", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "RHBZ#1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7499", url: "https://www.cve.org/CVERecord?id=CVE-2015-7499", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlGROW", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281943", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap buffer overflow in xmlParseMisc", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "RHBZ#1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7500", url: "https://www.cve.org/CVERecord?id=CVE-2015-7500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap buffer overflow in xmlParseMisc", }, { cve: "CVE-2015-7941", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1274222", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds memory access", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "RHBZ#1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7941", url: "https://www.cve.org/CVERecord?id=CVE-2015-7941", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", }, ], release_date: "2015-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds memory access", }, { cve: "CVE-2015-7942", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276297", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "RHBZ#1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7942", url: "https://www.cve.org/CVERecord?id=CVE-2015-7942", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", }, ], release_date: "2015-10-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8241", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281936", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with XML parser in xmlNextChar", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "RHBZ#1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8241", url: "https://www.cve.org/CVERecord?id=CVE-2015-8241", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", }, ], release_date: "2015-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with XML parser in xmlNextChar", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8242", discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281950", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "RHBZ#1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8242", url: "https://www.cve.org/CVERecord?id=CVE-2015-8242", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", }, ], release_date: "2015-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hanno Boeck", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8317", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281930", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "RHBZ#1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8317", url: "https://www.cve.org/CVERecord?id=CVE-2015-8317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", }, ], release_date: "2015-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", }, { cve: "CVE-2015-8710", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2015-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213957", }, ], notes: [ { category: "description", text: "It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8710", }, { category: "external", summary: "RHBZ#1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8710", url: "https://www.cve.org/CVERecord?id=CVE-2015-8710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", }, ], release_date: "2015-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", }, { cve: "CVE-2016-0706", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311087", }, ], notes: [ { category: "description", text: "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via StatusManagerServlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0706", }, { category: "external", summary: "RHBZ#1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0706", url: "https://www.cve.org/CVERecord?id=CVE-2016-0706", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/144", url: "http://seclists.org/bugtraq/2016/Feb/144", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: security manager bypass via StatusManagerServlet", }, { cve: "CVE-2016-0714", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311082", }, ], notes: [ { category: "description", text: "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Security Manager bypass via persistence mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0714", }, { category: "external", summary: "RHBZ#1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0714", url: "https://www.cve.org/CVERecord?id=CVE-2016-0714", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/145", url: "http://seclists.org/bugtraq/2016/Feb/145", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Security Manager bypass via persistence mechanisms", }, { cve: "CVE-2016-0763", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311093", }, ], notes: [ { category: "description", text: "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via setGlobalContext()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0763", }, { category: "external", summary: "RHBZ#1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0763", url: "https://www.cve.org/CVERecord?id=CVE-2016-0763", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/147", url: "http://seclists.org/bugtraq/2016/Feb/147", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: security manager bypass via setGlobalContext()", }, ], }
rhsa-2020_1190
Vulnerability from csaf_redhat
Published
2020-03-31 20:22
Modified
2024-11-22 14:13
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1190", url: "https://access.redhat.com/errata/RHSA-2020:1190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1190.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-22T14:13:51+00:00", generator: { date: "2024-11-22T14:13:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2020:1190", initial_release_date: "2020-03-31T20:22:50+00:00", revision_history: [ { date: "2020-03-31T20:22:50+00:00", number: "1", summary: "Initial version", }, { date: "2020-03-31T20:22:50+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:13:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-0:2.9.1-6.el7.4.s390", product_id: "libxml2-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-static-0:2.9.1-6.el7.4.i686", product_id: "libxml2-static-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-0:2.9.1-6.el7.4.i686", product_id: "libxml2-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_id: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.src", product: { name: "libxml2-0:2.9.1-6.el7.4.src", product_id: "libxml2-0:2.9.1-6.el7.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, ], }, vulnerabilities: [ { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, ], }
rhsa-2016:1089
Vulnerability from csaf_redhat
Published
2016-05-17 16:12
Modified
2025-01-09 05:25
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update
Notes
Topic
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.
Security Fix(es):
* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.\n\nSecurity Fix(es):\n\n* Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1089", url: "https://access.redhat.com/errata/RHSA-2016:1089", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", url: "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3", }, { category: "external", summary: "1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "JWS-271", url: "https://issues.redhat.com/browse/JWS-271", }, { category: "external", summary: "JWS-272", url: "https://issues.redhat.com/browse/JWS-272", }, { category: "external", summary: "JWS-276", url: "https://issues.redhat.com/browse/JWS-276", }, { category: "external", summary: "JWS-277", url: "https://issues.redhat.com/browse/JWS-277", }, { category: "external", summary: "JWS-303", url: "https://issues.redhat.com/browse/JWS-303", }, { category: "external", summary: "JWS-304", url: "https://issues.redhat.com/browse/JWS-304", }, { category: "external", summary: "JWS-349", url: "https://issues.redhat.com/browse/JWS-349", }, { category: "external", summary: "JWS-350", url: "https://issues.redhat.com/browse/JWS-350", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1089.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 security update", tracking: { current_release_date: "2025-01-09T05:25:49+00:00", generator: { date: "2025-01-09T05:25:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2016:1089", initial_release_date: "2016-05-17T16:12:21+00:00", revision_history: [ { date: "2016-05-17T16:12:21+00:00", number: "1", summary: "Initial version", }, { date: "2016-05-17T16:12:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:25:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 3.0", product: { name: "Red Hat JBoss Web Server 3.0", product_id: "Red Hat JBoss Web Server 3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:3.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-0209", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2015-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1196737", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported.", title: "Vulnerability description", }, { category: "summary", text: "openssl: use-after-free on invalid EC private key import", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-0209", }, { category: "external", summary: "RHBZ#1196737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-0209", url: "https://www.cve.org/CVERecord?id=CVE-2015-0209", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", }, { category: "external", summary: "https://access.redhat.com/articles/1384453", url: "https://access.redhat.com/articles/1384453", }, { category: "external", summary: "https://openssl.org/news/secadv_20150319.txt", url: "https://openssl.org/news/secadv_20150319.txt", }, ], release_date: "2015-02-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: use-after-free on invalid EC private key import", }, { cve: "CVE-2015-5312", discovery_date: "2015-10-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276693", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: CPU exhaustion when processing specially crafted XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "RHBZ#1276693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5312", url: "https://www.cve.org/CVERecord?id=CVE-2015-5312", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: CPU exhaustion when processing specially crafted XML input", }, { cve: "CVE-2015-5345", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311089", }, ], notes: [ { category: "description", text: "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: directory disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5345", }, { category: "external", summary: "RHBZ#1311089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5345", url: "https://www.cve.org/CVERecord?id=CVE-2015-5345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/146", url: "http://seclists.org/bugtraq/2016/Feb/146", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: directory disclosure", }, { cve: "CVE-2015-5346", discovery_date: "2014-06-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311085", }, ], notes: [ { category: "description", text: "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Session fixation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5346", }, { category: "external", summary: "RHBZ#1311085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5346", url: "https://www.cve.org/CVERecord?id=CVE-2015-5346", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5346", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/143", url: "http://seclists.org/bugtraq/2016/Feb/143", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Session fixation", }, { cve: "CVE-2015-5351", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311076", }, ], notes: [ { category: "description", text: "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: CSRF token leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5351", }, { category: "external", summary: "RHBZ#1311076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5351", url: "https://www.cve.org/CVERecord?id=CVE-2015-5351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/148", url: "http://seclists.org/bugtraq/2016/Feb/148", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: CSRF token leak", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7497", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281862", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "RHBZ#1281862", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281862", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7497", url: "https://www.cve.org/CVERecord?id=CVE-2015-7497", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7497", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7498", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281879", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "RHBZ#1281879", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281879", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7498", url: "https://www.cve.org/CVERecord?id=CVE-2015-7498", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7498", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlParseXmlDecl", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7499", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281925", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer overflow in xmlGROW", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "RHBZ#1281925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7499", url: "https://www.cve.org/CVERecord?id=CVE-2015-7499", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer overflow in xmlGROW", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Kostya Serebryany", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-7500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281943", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap buffer overflow in xmlParseMisc", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "RHBZ#1281943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281943", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7500", url: "https://www.cve.org/CVERecord?id=CVE-2015-7500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7500", }, ], release_date: "2015-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap buffer overflow in xmlParseMisc", }, { cve: "CVE-2015-7941", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1274222", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds memory access", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "RHBZ#1274222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274222", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7941", url: "https://www.cve.org/CVERecord?id=CVE-2015-7941", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7941", }, ], release_date: "2015-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds memory access", }, { cve: "CVE-2015-7942", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276297", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "RHBZ#1276297", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276297", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7942", url: "https://www.cve.org/CVERecord?id=CVE-2015-7942", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7942", }, ], release_date: "2015-10-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: heap-based buffer overflow in xmlParseConditionalSections()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8241", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281936", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with XML parser in xmlNextChar", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "RHBZ#1281936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8241", url: "https://www.cve.org/CVERecord?id=CVE-2015-8241", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8241", }, ], release_date: "2015-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with XML parser in xmlNextChar", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hugh Davenport", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8242", discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281950", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "RHBZ#1281950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281950", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8242", url: "https://www.cve.org/CVERecord?id=CVE-2015-8242", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8242", }, ], release_date: "2015-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode", }, { acknowledgments: [ { names: [ "the GNOME project", ], }, { names: [ "Hanno Boeck", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-8317", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2015-11-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1281930", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "RHBZ#1281930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1281930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8317", url: "https://www.cve.org/CVERecord?id=CVE-2015-8317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8317", }, ], release_date: "2015-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration", }, { cve: "CVE-2015-8710", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2015-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213957", }, ], notes: [ { category: "description", text: "It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8710", }, { category: "external", summary: "RHBZ#1213957", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213957", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8710", url: "https://www.cve.org/CVERecord?id=CVE-2015-8710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8710", }, ], release_date: "2015-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds memory access when parsing an unclosed HTML comment", }, { cve: "CVE-2016-0706", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311087", }, ], notes: [ { category: "description", text: "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via StatusManagerServlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0706", }, { category: "external", summary: "RHBZ#1311087", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0706", url: "https://www.cve.org/CVERecord?id=CVE-2016-0706", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/144", url: "http://seclists.org/bugtraq/2016/Feb/144", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: security manager bypass via StatusManagerServlet", }, { cve: "CVE-2016-0714", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311082", }, ], notes: [ { category: "description", text: "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Security Manager bypass via persistence mechanisms", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0714", }, { category: "external", summary: "RHBZ#1311082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0714", url: "https://www.cve.org/CVERecord?id=CVE-2016-0714", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/145", url: "http://seclists.org/bugtraq/2016/Feb/145", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Security Manager bypass via persistence mechanisms", }, { cve: "CVE-2016-0763", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1311093", }, ], notes: [ { category: "description", text: "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: security manager bypass via setGlobalContext()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 3.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0763", }, { category: "external", summary: "RHBZ#1311093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0763", url: "https://www.cve.org/CVERecord?id=CVE-2016-0763", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763", }, { category: "external", summary: "http://seclists.org/bugtraq/2016/Feb/147", url: "http://seclists.org/bugtraq/2016/Feb/147", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-05-17T16:12:21+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "Red Hat JBoss Web Server 3.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1089", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Web Server 3.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: security manager bypass via setGlobalContext()", }, ], }
rhsa-2020:1190
Vulnerability from csaf_redhat
Published
2020-03-31 20:22
Modified
2025-01-09 05:39
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2020:1190", url: "https://access.redhat.com/errata/RHSA-2020:1190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", }, { category: "external", summary: "1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1190.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T05:39:41+00:00", generator: { date: "2025-01-09T05:39:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2020:1190", initial_release_date: "2020-03-31T20:22:50+00:00", revision_history: [ { date: "2020-03-31T20:22:50+00:00", number: "1", summary: "Initial version", }, { date: "2020-03-31T20:22:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:39:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_id: "libxml2-python-0:2.9.1-6.el7.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-static-0:2.9.1-6.el7.4.s390", product_id: "libxml2-static-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-0:2.9.1-6.el7.4.s390", product_id: "libxml2-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=s390", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_id: "libxml2-devel-0:2.9.1-6.el7.4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-static-0:2.9.1-6.el7.4.i686", product_id: "libxml2-static-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-0:2.9.1-6.el7.4.i686", product_id: "libxml2-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_id: "libxml2-devel-0:2.9.1-6.el7.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-static-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_id: "libxml2-python-0:2.9.1-6.el7.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_id: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.1-6.el7.4.src", product: { name: "libxml2-0:2.9.1-6.el7.4.src", product_id: "libxml2-0:2.9.1-6.el7.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.1-6.el7.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Client-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Server-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", }, product_reference: "libxml2-0:2.9.1-6.el7.4.src", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-python-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-python-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.i686", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.s390x", relates_to_product_reference: "7Workstation-optional-7.8", }, { category: "default_component_of", full_product_name: { name: "libxml2-static-0:2.9.1-6.el7.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", }, product_reference: "libxml2-static-0:2.9.1-6.el7.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.8", }, ], }, vulnerabilities: [ { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-03-31T20:22:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2020:1190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Client-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Client-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Client-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7ComputeNode-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7ComputeNode-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Server-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Server-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.src", "7Workstation-optional-7.8:libxml2-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-debuginfo-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-devel-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-python-0:2.9.1-6.el7.4.x86_64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.i686", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.ppc64le", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.s390x", "7Workstation-optional-7.8:libxml2-static-0:2.9.1-6.el7.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, ], }
rhba-2020_1539
Vulnerability from csaf_redhat
Published
2020-04-22 13:24
Modified
2024-11-22 14:26
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Details
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1539", url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1539.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container", tracking: { current_release_date: "2024-11-22T14:26:26+00:00", generator: { date: "2024-11-22T14:26:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2020:1539", initial_release_date: "2020-04-22T13:24:05+00:00", revision_history: [ { date: "2020-04-22T13:24:05+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:24:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:26:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product: { name: "Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.5::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_id: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463?arch=amd64&repository_url=registry.redhat.io/ansible-tower-35/ansible-tower&tag=3.5.6-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server", product_id: "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", }, product_reference: "ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1734", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, discovery_date: "2019-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1801804", }, ], notes: [ { category: "description", text: "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", title: "Vulnerability description", }, { category: "summary", text: "ansible: shell enabled by default in a pipe lookup plugin subprocess", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1734", }, { category: "external", summary: "RHBZ#1801804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1734", url: "https://www.cve.org/CVERecord?id=CVE-2020-1734", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be avoided by escaping variables which are used in the lookup.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: shell enabled by default in a pipe lookup plugin subprocess", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1735", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802085", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", title: "Vulnerability description", }, { category: "summary", text: "ansible: path injection on dest parameter in fetch module", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1735", }, { category: "external", summary: "RHBZ#1802085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1735", url: "https://www.cve.org/CVERecord?id=CVE-2020-1735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: path injection on dest parameter in fetch module", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1736", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802124", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "ansible: atomic_move primitive sets permissive permissions", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1736", }, { category: "external", summary: "RHBZ#1802124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1736", url: "https://www.cve.org/CVERecord?id=CVE-2020-1736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: atomic_move primitive sets permissive permissions", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1737", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802154", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Extract-Zip function in win_unzip module does not check extracted path", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1737", }, { category: "external", summary: "RHBZ#1802154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1737", url: "https://www.cve.org/CVERecord?id=CVE-2020-1737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible: Extract-Zip function in win_unzip module does not check extracted path", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1738", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802164", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.", title: "Vulnerability description", }, { category: "summary", text: "ansible: module package can be selected by the ansible facts", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1738", }, { category: "external", summary: "RHBZ#1802164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1738", url: "https://www.cve.org/CVERecord?id=CVE-2020-1738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: module package can be selected by the ansible facts", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1739", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802178", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", title: "Vulnerability description", }, { category: "summary", text: "ansible: svn module leaks password when specified as a parameter", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1739", }, { category: "external", summary: "RHBZ#1802178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1739", url: "https://www.cve.org/CVERecord?id=CVE-2020-1739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Instead of using the parameter 'password' of the subversion module, provide the password with stdin.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: svn module leaks password when specified as a parameter", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-1740", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1802193", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", title: "Vulnerability description", }, { category: "summary", text: "ansible: secrets readable after ansible-vault edit", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1740", }, { category: "external", summary: "RHBZ#1802193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1740", url: "https://www.cve.org/CVERecord?id=CVE-2020-1740", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", }, ], release_date: "2020-02-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: secrets readable after ansible-vault edit", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-1746", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-12-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1805491", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1746", }, { category: "external", summary: "RHBZ#1805491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1805491", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1746", url: "https://www.cve.org/CVERecord?id=CVE-2020-1746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", }, ], release_date: "2020-02-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", }, { acknowledgments: [ { names: [ "Abhijeet Kasurde", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2020-1753", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2020-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1811008", }, ], notes: [ { category: "description", text: "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: kubectl connection plugin leaks sensitive information", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-1753", }, { category: "external", summary: "RHBZ#1811008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-1753", url: "https://www.cve.org/CVERecord?id=CVE-2020-1753", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", }, ], release_date: "2020-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: kubectl connection plugin leaks sensitive information", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10684", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1815519", }, ], notes: [ { category: "description", text: "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: code injection when using ansible_facts as a subkey", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10684", }, { category: "external", summary: "RHBZ#1815519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1815519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10684", url: "https://www.cve.org/CVERecord?id=CVE-2020-10684", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", }, ], release_date: "2020-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Ansible: code injection when using ansible_facts as a subkey", }, { acknowledgments: [ { names: [ "Damien Aumaitre", "Nicolas Surbayrole", ], organization: "Quarkslab", }, ], cve: "CVE-2020-10685", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2020-01-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1814627", }, ], notes: [ { category: "description", text: "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: modules which use files encrypted with vault are not properly cleaned up", title: "Vulnerability summary", }, { category: "other", text: "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10685", }, { category: "external", summary: "RHBZ#1814627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1814627", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10685", url: "https://www.cve.org/CVERecord?id=CVE-2020-10685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", }, ], release_date: "2020-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:24:05+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1539", }, { category: "workaround", details: "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", product_ids: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:d1f358079de0367d7b2462b4eae113251b7d29c218d19c6fb57b6ebc72769463_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: modules which use files encrypted with vault are not properly cleaned up", }, ], }
rhba-2020_1540
Vulnerability from csaf_redhat
Published
2020-04-22 13:21
Modified
2024-11-22 14:31
Summary
Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Details
* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
* Fixed event hostnames to be recorded for playbooks run on isolated nodes
* Fixed a PostgreSQL issue that caused upgrade failures in certain situations
* Fixed the search for Source Control credentials in the Tower user interface
* Fixed a performance issue to no longer delay the output of project updates for certain users
* Fixed the installations to no longer fail with admin passwords that contain certain special characters
* Fixed the start time to correctly set for approval notifications
* Fixed an inconsistency in gathered inventory analytics
* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
* Updated single sign-on integration to address several upcoming GitHub API deprecations
* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
* Updated translations
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", title: "Topic", }, { category: "general", text: "* Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity\n* Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)\n* Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)\n* Fixed event hostnames to be recorded for playbooks run on isolated nodes\n* Fixed a PostgreSQL issue that caused upgrade failures in certain situations\n* Fixed the search for Source Control credentials in the Tower user interface\n* Fixed a performance issue to no longer delay the output of project updates for certain users\n* Fixed the installations to no longer fail with admin passwords that contain certain special characters\n* Fixed the start time to correctly set for approval notifications\n* Fixed an inconsistency in gathered inventory analytics\n* Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)\n* Updated single sign-on integration to address several upcoming GitHub API deprecations\n* Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109\n* Updated translations", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2020:1540", url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_1540.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container", tracking: { current_release_date: "2024-11-22T14:31:18+00:00", generator: { date: "2024-11-22T14:31:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2020:1540", initial_release_date: "2020-04-22T13:21:59+00:00", revision_history: [ { date: "2020-04-22T13:21:59+00:00", number: "1", summary: "Initial version", }, { date: "2020-04-22T13:21:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T14:31:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Ansible Tower 3.6 for RHEL 7", product: { name: "Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:ansible_tower:3.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Ansible Tower", }, { branches: [ { category: "product_version", name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_id: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", product_identification_helper: { purl: "pkg:oci/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f?arch=amd64&repository_url=registry.redhat.io/ansible-tower-36/ansible-tower&tag=3.6.4-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7", product_id: "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", }, product_reference: "ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", relates_to_product_reference: "7Server-Ansible-Tower-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Mozilla project", ], }, { names: [ "Ucha Gobejishvili", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-2716", discovery_date: "2015-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1220607", }, ], notes: [ { category: "description", text: "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", title: "Vulnerability description", }, { category: "summary", text: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-2716", }, { category: "external", summary: "RHBZ#1220607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1220607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-2716", url: "https://www.cve.org/CVERecord?id=CVE-2015-2716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-2716", }, { category: "external", summary: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", url: "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "expat: Integer overflow leading to buffer overflow in XML_GetBuffer()", }, { cve: "CVE-2015-8035", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2015-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1277146", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: DoS caused by incorrect error detection during XZ decompression", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "RHBZ#1277146", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277146", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8035", url: "https://www.cve.org/CVERecord?id=CVE-2015-8035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, ], release_date: "2015-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: DoS caused by incorrect error detection during XZ decompression", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2017-15412", discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523128", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "RHBZ#1523128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15412", url: "https://www.cve.org/CVERecord?id=CVE-2017-15412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", }, ], release_date: "2017-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { cve: "CVE-2018-10360", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2018-06-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1590000", }, ], notes: [ { category: "description", text: "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", title: "Vulnerability description", }, { category: "summary", text: "file: out-of-bounds read via a crafted ELF file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10360", }, { category: "external", summary: "RHBZ#1590000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1590000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10360", url: "https://www.cve.org/CVERecord?id=CVE-2018-10360", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10360", }, ], release_date: "2018-06-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "file: out-of-bounds read via a crafted ELF file", }, { cve: "CVE-2018-14404", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2018-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1595985", }, ], notes: [ { category: "description", text: "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "RHBZ#1595985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14404", url: "https://www.cve.org/CVERecord?id=CVE-2018-14404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", }, ], release_date: "2018-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", }, { cve: "CVE-2018-14567", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-08-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1619875", }, ], notes: [ { category: "description", text: "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14567", }, { category: "external", summary: "RHBZ#1619875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14567", url: "https://www.cve.org/CVERecord?id=CVE-2018-14567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", }, ], release_date: "2018-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", }, { cve: "CVE-2018-18074", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643829", }, ], notes: [ { category: "description", text: "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-18074", }, { category: "external", summary: "RHBZ#1643829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-18074", url: "https://www.cve.org/CVERecord?id=CVE-2018-18074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", }, ], release_date: "2018-06-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", }, { cve: "CVE-2018-20060", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2018-11-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1649153", }, ], notes: [ { category: "description", text: "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20060", }, { category: "external", summary: "RHBZ#1649153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1649153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20060", url: "https://www.cve.org/CVERecord?id=CVE-2018-20060", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20060", }, ], release_date: "2018-03-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure", }, { cve: "CVE-2018-20852", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1740347", }, ], notes: [ { category: "description", text: "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", title: "Vulnerability description", }, { category: "summary", text: "python: Cookie domain check returns incorrect results", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-20852", }, { category: "external", summary: "RHBZ#1740347", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1740347", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-20852", url: "https://www.cve.org/CVERecord?id=CVE-2018-20852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-20852", }, ], release_date: "2018-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: Cookie domain check returns incorrect results", }, { acknowledgments: [ { names: [ "Ray Strode", ], organization: "The GNOME Project", }, { names: [ "Maxime Vellard", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-3820", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2019-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1669391", }, ], notes: [ { category: "description", text: "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3.", title: "Vulnerability description", }, { category: "summary", text: "gnome-shell: partial lock screen bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3820", }, { category: "external", summary: "RHBZ#1669391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1669391", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3820", url: "https://www.cve.org/CVERecord?id=CVE-2019-3820", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3820", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", url: "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", }, ], release_date: "2019-02-05T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "gnome-shell: partial lock screen bypass", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "l00p3r", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2019-5436", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1710620", }, ], notes: [ { category: "description", text: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", title: "Vulnerability description", }, { category: "summary", text: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", title: "Vulnerability summary", }, { category: "other", text: "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-5436", }, { category: "external", summary: "RHBZ#1710620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-5436", url: "https://www.cve.org/CVERecord?id=CVE-2019-5436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-5436", }, { category: "external", summary: "https://curl.haxx.se/docs/CVE-2019-5436.html", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, ], release_date: "2019-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", }, { cve: "CVE-2019-9924", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, discovery_date: "2019-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1691774", }, ], notes: [ { category: "description", text: "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", title: "Vulnerability description", }, { category: "summary", text: "bash: BASH_CMD is writable in restricted bash shells", title: "Vulnerability summary", }, { category: "other", text: "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\n\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\n\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9924", }, { category: "external", summary: "RHBZ#1691774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1691774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9924", url: "https://www.cve.org/CVERecord?id=CVE-2019-9924", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9924", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bash: BASH_CMD is writable in restricted bash shells", }, { cve: "CVE-2019-11236", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2019-04-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1700824", }, ], notes: [ { category: "description", text: "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", title: "Vulnerability description", }, { category: "summary", text: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\n\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\n\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11236", }, { category: "external", summary: "RHBZ#1700824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1700824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11236", url: "https://www.cve.org/CVERecord?id=CVE-2019-11236", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11236", }, ], release_date: "2019-03-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", }, { cve: "CVE-2019-16056", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1749839", }, ], notes: [ { category: "description", text: "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", title: "Vulnerability description", }, { category: "summary", text: "python: email.utils.parseaddr wrongly parses email addresses", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-16056", }, { category: "external", summary: "RHBZ#1749839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-16056", url: "https://www.cve.org/CVERecord?id=CVE-2019-16056", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-16056", }, ], release_date: "2018-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python: email.utils.parseaddr wrongly parses email addresses", }, { cve: "CVE-2019-17041", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766693", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17041", }, { category: "external", summary: "RHBZ#1766693", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766693", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17041", url: "https://www.cve.org/CVERecord?id=CVE-2019-17041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17041", }, ], release_date: "2019-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c", }, { cve: "CVE-2019-17042", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2019-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1766700", }, ], notes: [ { category: "description", text: "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", title: "Vulnerability description", }, { category: "summary", text: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-17042", }, { category: "external", summary: "RHBZ#1766700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1766700", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-17042", url: "https://www.cve.org/CVERecord?id=CVE-2019-17042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-17042", }, ], release_date: "2019-10-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c", }, { acknowledgments: [ { names: [ "Felix Fountein", ], }, ], cve: "CVE-2020-10691", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2020-03-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1817161", }, ], notes: [ { category: "description", text: "An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", title: "Vulnerability summary", }, { category: "other", text: "Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9.\n\nAnsible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10691", }, { category: "external", summary: "RHBZ#1817161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1817161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10691", url: "https://www.cve.org/CVERecord?id=CVE-2020-10691", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10691", }, ], release_date: "2020-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, { category: "workaround", details: "A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: archive traversal vulnerability in ansible-galaxy collection install", }, { acknowledgments: [ { names: [ "Rihards Olups", ], }, ], cve: "CVE-2020-10729", cwe: { id: "CWE-330", name: "Use of Insufficiently Random Values", }, discovery_date: "2020-05-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1831089", }, ], notes: [ { category: "description", text: "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file.", title: "Vulnerability description", }, { category: "summary", text: "Ansible: two random password lookups in same task return same value", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-10729", }, { category: "external", summary: "RHBZ#1831089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-10729", url: "https://www.cve.org/CVERecord?id=CVE-2020-10729", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", }, { category: "external", summary: "https://github.com/ansible/ansible/issues/34144", url: "https://github.com/ansible/ansible/issues/34144", }, ], release_date: "2017-12-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-04-22T13:21:59+00:00", details: "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html", product_ids: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2020:1540", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:a0f23b14edea9a3983614d21c8532d6ef6bf760c56d8249cc452b87eeba60f0f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ansible: two random password lookups in same task return same value", }, ], }
wid-sec-w-2023-1614
Vulnerability from csaf_certbund
Published
2023-06-29 22:00
Modified
2023-10-25 22:00
Summary
Tenable Security Nessus Network Monitor: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1614 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json", }, { category: "self", summary: "WID-SEC-2023-1614 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614", }, { category: "external", summary: "Tenable Security Advisory TNS-2023-34 vom 2023-10-25", url: "https://de.tenable.com/security/tns-2023-34", }, { category: "external", summary: "Tenable Security Advisory vom 2023-06-29", url: "https://de.tenable.com/security/tns-2023-23", }, ], source_lang: "en-US", title: "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-25T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:59.941+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1614", initial_release_date: "2023-06-29T22:00:00.000+00:00", revision_history: [ { date: "2023-06-29T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-03T22:00:00.000+00:00", number: "2", summary: "Produkt berichtigt", }, { date: "2023-10-25T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Tenable aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Tenable Security Nessus Network Monitor < 6.2.2", product: { name: "Tenable Security Nessus Network Monitor < 6.2.2", product_id: "T028403", product_identification_helper: { cpe: "cpe:/a:tenable:nessus_network_monitor:6.2.2", }, }, }, ], category: "vendor", name: "Tenable Security", }, ], }, vulnerabilities: [ { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-31147", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31147", }, { cve: "CVE-2023-31130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31130", }, { cve: "CVE-2023-31124", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31124", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-29824", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-29824", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-23395", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23395", }, { cve: "CVE-2022-23308", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23308", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2021-45346", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-45346", }, { cve: "CVE-2021-3672", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3672", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3541", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3541", }, { cve: "CVE-2021-3537", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3537", }, { cve: "CVE-2021-3518", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3518", }, { cve: "CVE-2021-3517", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3517", }, { cve: "CVE-2021-31239", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-31239", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-20227", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-20227", }, { cve: "CVE-2020-9327", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-9327", }, { cve: "CVE-2020-7595", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-7595", }, { cve: "CVE-2020-35527", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35527", }, { cve: "CVE-2020-35525", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35525", }, { cve: "CVE-2020-24977", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-24977", }, { cve: "CVE-2020-15358", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-15358", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-13871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13871", }, { cve: "CVE-2020-13632", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13632", }, { cve: "CVE-2020-13631", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13631", }, { cve: "CVE-2020-13630", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13630", }, { cve: "CVE-2020-13435", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13435", }, { cve: "CVE-2020-13434", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13434", }, { cve: "CVE-2020-11656", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11656", }, { cve: "CVE-2020-11655", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11655", }, { cve: "CVE-2019-9937", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9937", }, { cve: "CVE-2019-9936", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9936", }, { cve: "CVE-2019-8457", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-8457", }, { cve: "CVE-2019-5815", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-5815", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2019-20388", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20388", }, { cve: "CVE-2019-20218", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20218", }, { cve: "CVE-2019-19959", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19959", }, { cve: "CVE-2019-19956", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19956", }, { cve: "CVE-2019-19926", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19926", }, { cve: "CVE-2019-19925", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19925", }, { cve: "CVE-2019-19924", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19924", }, { cve: "CVE-2019-19923", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19923", }, { cve: "CVE-2019-19880", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19880", }, { cve: "CVE-2019-19646", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19646", }, { cve: "CVE-2019-19645", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19645", }, { cve: "CVE-2019-19603", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19603", }, { cve: "CVE-2019-19317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19317", }, { cve: "CVE-2019-19244", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19244", }, { cve: "CVE-2019-19242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19242", }, { cve: "CVE-2019-16168", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-16168", }, { cve: "CVE-2019-13118", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13118", }, { cve: "CVE-2019-13117", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13117", }, { cve: "CVE-2019-12900", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-12900", }, { cve: "CVE-2019-11068", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-11068", }, { cve: "CVE-2018-9251", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-9251", }, { cve: "CVE-2018-14567", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14567", }, { cve: "CVE-2018-14404", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14404", }, { cve: "CVE-2017-9050", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9050", }, { cve: "CVE-2017-9049", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9049", }, { cve: "CVE-2017-9048", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9048", }, { cve: "CVE-2017-9047", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9047", }, { cve: "CVE-2017-8872", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-8872", }, { cve: "CVE-2017-7376", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7376", }, { cve: "CVE-2017-7375", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7375", }, { cve: "CVE-2017-5969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5969", }, { cve: "CVE-2017-5130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5130", }, { cve: "CVE-2017-5029", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5029", }, { cve: "CVE-2017-18258", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-18258", }, { cve: "CVE-2017-16932", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16932", }, { cve: "CVE-2017-16931", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16931", }, { cve: "CVE-2017-15412", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-15412", }, { cve: "CVE-2017-1000381", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000381", }, { cve: "CVE-2017-1000061", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000061", }, { cve: "CVE-2016-9598", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9598", }, { cve: "CVE-2016-9597", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9597", }, { cve: "CVE-2016-9596", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9596", }, { cve: "CVE-2016-5180", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5180", }, { cve: "CVE-2016-5131", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5131", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2016-4609", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4609", }, { cve: "CVE-2016-4607", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4607", }, { cve: "CVE-2016-4483", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4483", }, { cve: "CVE-2016-4449", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4449", }, { cve: "CVE-2016-4448", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4448", }, { cve: "CVE-2016-4447", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4447", }, { cve: "CVE-2016-3709", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3709", }, { cve: "CVE-2016-3705", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3705", }, { cve: "CVE-2016-3627", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3627", }, { cve: "CVE-2016-3189", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3189", }, { cve: "CVE-2016-2073", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-2073", }, { cve: "CVE-2016-1840", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1840", }, { cve: "CVE-2016-1839", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1839", }, { cve: "CVE-2016-1838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1838", }, { cve: "CVE-2016-1837", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1837", }, { cve: "CVE-2016-1836", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1836", }, { cve: "CVE-2016-1834", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1834", }, { cve: "CVE-2016-1833", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1833", }, { cve: "CVE-2016-1762", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1762", }, { cve: "CVE-2016-1684", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1684", }, { cve: "CVE-2016-1683", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1683", }, { cve: "CVE-2015-9019", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-9019", }, { cve: "CVE-2015-8806", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8806", }, { cve: "CVE-2015-8710", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8710", }, { cve: "CVE-2015-8317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8317", }, { cve: "CVE-2015-8242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8242", }, { cve: "CVE-2015-8241", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8241", }, { cve: "CVE-2015-8035", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8035", }, { cve: "CVE-2015-7995", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7995", }, { cve: "CVE-2015-7942", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7942", }, { cve: "CVE-2015-7941", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7941", }, { cve: "CVE-2015-7500", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7500", }, { cve: "CVE-2015-7499", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7499", }, { cve: "CVE-2015-7498", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7498", }, { cve: "CVE-2015-7497", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7497", }, { cve: "CVE-2015-5312", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-5312", }, { cve: "CVE-2014-3660", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2014-3660", }, { cve: "CVE-2013-4520", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-4520", }, { cve: "CVE-2013-2877", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-2877", }, { cve: "CVE-2013-1969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-1969", }, { cve: "CVE-2013-0339", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0339", }, { cve: "CVE-2013-0338", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0338", }, { cve: "CVE-2012-6139", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-6139", }, { cve: "CVE-2012-5134", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-5134", }, { cve: "CVE-2012-2871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2871", }, { cve: "CVE-2012-2870", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2870", }, { cve: "CVE-2012-0841", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-0841", }, { cve: "CVE-2011-3970", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-3970", }, { cve: "CVE-2011-1944", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1944", }, { cve: "CVE-2011-1202", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1202", }, { cve: "CVE-2010-4494", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4494", }, { cve: "CVE-2010-4008", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4008", }, ], }
WID-SEC-W-2023-1614
Vulnerability from csaf_certbund
Published
2023-06-29 22:00
Modified
2023-10-25 22:00
Summary
Tenable Security Nessus Network Monitor: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1614 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json", }, { category: "self", summary: "WID-SEC-2023-1614 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614", }, { category: "external", summary: "Tenable Security Advisory TNS-2023-34 vom 2023-10-25", url: "https://de.tenable.com/security/tns-2023-34", }, { category: "external", summary: "Tenable Security Advisory vom 2023-06-29", url: "https://de.tenable.com/security/tns-2023-23", }, ], source_lang: "en-US", title: "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-25T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:59.941+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1614", initial_release_date: "2023-06-29T22:00:00.000+00:00", revision_history: [ { date: "2023-06-29T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-03T22:00:00.000+00:00", number: "2", summary: "Produkt berichtigt", }, { date: "2023-10-25T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Tenable aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Tenable Security Nessus Network Monitor < 6.2.2", product: { name: "Tenable Security Nessus Network Monitor < 6.2.2", product_id: "T028403", product_identification_helper: { cpe: "cpe:/a:tenable:nessus_network_monitor:6.2.2", }, }, }, ], category: "vendor", name: "Tenable Security", }, ], }, vulnerabilities: [ { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-31147", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31147", }, { cve: "CVE-2023-31130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31130", }, { cve: "CVE-2023-31124", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31124", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-29824", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-29824", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-23395", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23395", }, { cve: "CVE-2022-23308", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23308", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2021-45346", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-45346", }, { cve: "CVE-2021-3672", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3672", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3541", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3541", }, { cve: "CVE-2021-3537", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3537", }, { cve: "CVE-2021-3518", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3518", }, { cve: "CVE-2021-3517", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3517", }, { cve: "CVE-2021-31239", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-31239", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-20227", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-20227", }, { cve: "CVE-2020-9327", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-9327", }, { cve: "CVE-2020-7595", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-7595", }, { cve: "CVE-2020-35527", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35527", }, { cve: "CVE-2020-35525", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35525", }, { cve: "CVE-2020-24977", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-24977", }, { cve: "CVE-2020-15358", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-15358", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-13871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13871", }, { cve: "CVE-2020-13632", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13632", }, { cve: "CVE-2020-13631", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13631", }, { cve: "CVE-2020-13630", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13630", }, { cve: "CVE-2020-13435", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13435", }, { cve: "CVE-2020-13434", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13434", }, { cve: "CVE-2020-11656", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11656", }, { cve: "CVE-2020-11655", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11655", }, { cve: "CVE-2019-9937", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9937", }, { cve: "CVE-2019-9936", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9936", }, { cve: "CVE-2019-8457", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-8457", }, { cve: "CVE-2019-5815", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-5815", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2019-20388", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20388", }, { cve: "CVE-2019-20218", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20218", }, { cve: "CVE-2019-19959", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19959", }, { cve: "CVE-2019-19956", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19956", }, { cve: "CVE-2019-19926", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19926", }, { cve: "CVE-2019-19925", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19925", }, { cve: "CVE-2019-19924", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19924", }, { cve: "CVE-2019-19923", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19923", }, { cve: "CVE-2019-19880", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19880", }, { cve: "CVE-2019-19646", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19646", }, { cve: "CVE-2019-19645", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19645", }, { cve: "CVE-2019-19603", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19603", }, { cve: "CVE-2019-19317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19317", }, { cve: "CVE-2019-19244", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19244", }, { cve: "CVE-2019-19242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19242", }, { cve: "CVE-2019-16168", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-16168", }, { cve: "CVE-2019-13118", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13118", }, { cve: "CVE-2019-13117", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13117", }, { cve: "CVE-2019-12900", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-12900", }, { cve: "CVE-2019-11068", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-11068", }, { cve: "CVE-2018-9251", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-9251", }, { cve: "CVE-2018-14567", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14567", }, { cve: "CVE-2018-14404", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14404", }, { cve: "CVE-2017-9050", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9050", }, { cve: "CVE-2017-9049", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9049", }, { cve: "CVE-2017-9048", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9048", }, { cve: "CVE-2017-9047", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9047", }, { cve: "CVE-2017-8872", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-8872", }, { cve: "CVE-2017-7376", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7376", }, { cve: "CVE-2017-7375", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7375", }, { cve: "CVE-2017-5969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5969", }, { cve: "CVE-2017-5130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5130", }, { cve: "CVE-2017-5029", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5029", }, { cve: "CVE-2017-18258", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-18258", }, { cve: "CVE-2017-16932", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16932", }, { cve: "CVE-2017-16931", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16931", }, { cve: "CVE-2017-15412", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-15412", }, { cve: "CVE-2017-1000381", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000381", }, { cve: "CVE-2017-1000061", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000061", }, { cve: "CVE-2016-9598", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9598", }, { cve: "CVE-2016-9597", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9597", }, { cve: "CVE-2016-9596", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9596", }, { cve: "CVE-2016-5180", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5180", }, { cve: "CVE-2016-5131", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5131", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2016-4609", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4609", }, { cve: "CVE-2016-4607", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4607", }, { cve: "CVE-2016-4483", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4483", }, { cve: "CVE-2016-4449", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4449", }, { cve: "CVE-2016-4448", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4448", }, { cve: "CVE-2016-4447", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4447", }, { cve: "CVE-2016-3709", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3709", }, { cve: "CVE-2016-3705", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3705", }, { cve: "CVE-2016-3627", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3627", }, { cve: "CVE-2016-3189", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3189", }, { cve: "CVE-2016-2073", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-2073", }, { cve: "CVE-2016-1840", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1840", }, { cve: "CVE-2016-1839", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1839", }, { cve: "CVE-2016-1838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1838", }, { cve: "CVE-2016-1837", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1837", }, { cve: "CVE-2016-1836", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1836", }, { cve: "CVE-2016-1834", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1834", }, { cve: "CVE-2016-1833", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1833", }, { cve: "CVE-2016-1762", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1762", }, { cve: "CVE-2016-1684", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1684", }, { cve: "CVE-2016-1683", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1683", }, { cve: "CVE-2015-9019", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-9019", }, { cve: "CVE-2015-8806", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8806", }, { cve: "CVE-2015-8710", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8710", }, { cve: "CVE-2015-8317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8317", }, { cve: "CVE-2015-8242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8242", }, { cve: "CVE-2015-8241", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8241", }, { cve: "CVE-2015-8035", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8035", }, { cve: "CVE-2015-7995", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7995", }, { cve: "CVE-2015-7942", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7942", }, { cve: "CVE-2015-7941", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7941", }, { cve: "CVE-2015-7500", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7500", }, { cve: "CVE-2015-7499", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7499", }, { cve: "CVE-2015-7498", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7498", }, { cve: "CVE-2015-7497", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7497", }, { cve: "CVE-2015-5312", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-5312", }, { cve: "CVE-2014-3660", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2014-3660", }, { cve: "CVE-2013-4520", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-4520", }, { cve: "CVE-2013-2877", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-2877", }, { cve: "CVE-2013-1969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-1969", }, { cve: "CVE-2013-0339", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0339", }, { cve: "CVE-2013-0338", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0338", }, { cve: "CVE-2012-6139", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-6139", }, { cve: "CVE-2012-5134", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-5134", }, { cve: "CVE-2012-2871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2871", }, { cve: "CVE-2012-2870", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2870", }, { cve: "CVE-2012-0841", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-0841", }, { cve: "CVE-2011-3970", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-3970", }, { cve: "CVE-2011-1944", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1944", }, { cve: "CVE-2011-1202", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1202", }, { cve: "CVE-2010-4494", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4494", }, { cve: "CVE-2010-4008", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4008", }, ], }
suse-su-2016:0049-1
Vulnerability from csaf_suse
Published
2016-01-07 12:52
Modified
2016-01-07 12:52
Summary
Security update for libxml2
Notes
Title of the patch
Security update for libxml2
Description of the patch
- security update:
This update fixes the following security issues:
* CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
* CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
* CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
* CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
* CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
* CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
* CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
* CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
* CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
* CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
* CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]
* CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]
* CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]
Patchnames
SUSE-SLE-DESKTOP-12-2016-38,SUSE-SLE-DESKTOP-12-SP1-2016-38,SUSE-SLE-SDK-12-2016-38,SUSE-SLE-SDK-12-SP1-2016-38,SUSE-SLE-SERVER-12-2016-38,SUSE-SLE-SERVER-12-SP1-2016-38
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for libxml2", title: "Title of the patch", }, { category: "description", text: "- security update:\n This update fixes the following security issues: \n\n * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]\n * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]\n * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]\n * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]\n * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]\n * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]\n * CVE-2015-5312 Fix another entity expansion issue [bnc#957105]\n * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]\n * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]\n * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]\n * CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]\n * CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]\n * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] \n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-2016-38,SUSE-SLE-DESKTOP-12-SP1-2016-38,SUSE-SLE-SDK-12-2016-38,SUSE-SLE-SDK-12-SP1-2016-38,SUSE-SLE-SERVER-12-2016-38,SUSE-SLE-SERVER-12-SP1-2016-38", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0049-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:0049-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20160049-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:0049-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-January/001788.html", }, { category: "self", summary: "SUSE Bug 928193", url: "https://bugzilla.suse.com/928193", }, { category: "self", summary: "SUSE Bug 951734", url: "https://bugzilla.suse.com/951734", }, { category: "self", summary: "SUSE Bug 951735", url: "https://bugzilla.suse.com/951735", }, { category: "self", summary: "SUSE Bug 954429", url: "https://bugzilla.suse.com/954429", }, { category: "self", summary: "SUSE Bug 956018", url: "https://bugzilla.suse.com/956018", }, { category: "self", summary: "SUSE Bug 956021", url: "https://bugzilla.suse.com/956021", }, { category: "self", summary: "SUSE Bug 956260", url: "https://bugzilla.suse.com/956260", }, { category: "self", summary: "SUSE Bug 957105", url: "https://bugzilla.suse.com/957105", }, { category: "self", summary: "SUSE Bug 957106", url: "https://bugzilla.suse.com/957106", }, { category: "self", summary: "SUSE Bug 957107", url: "https://bugzilla.suse.com/957107", }, { category: "self", summary: "SUSE Bug 957109", url: "https://bugzilla.suse.com/957109", }, { category: "self", summary: "SUSE Bug 957110", url: "https://bugzilla.suse.com/957110", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, ], title: "Security update for libxml2", tracking: { current_release_date: "2016-01-07T12:52:24Z", generator: { date: "2016-01-07T12:52:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:0049-1", initial_release_date: "2016-01-07T12:52:24Z", revision_history: [ { date: "2016-01-07T12:52:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libxml2-doc-2.9.1-13.1.noarch", product: { name: "libxml2-doc-2.9.1-13.1.noarch", product_id: "libxml2-doc-2.9.1-13.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libxml2-devel-2.9.1-13.1.ppc64le", product: { name: "libxml2-devel-2.9.1-13.1.ppc64le", product_id: "libxml2-devel-2.9.1-13.1.ppc64le", }, }, { category: "product_version", name: "libxml2-2-2.9.1-13.1.ppc64le", product: { name: "libxml2-2-2.9.1-13.1.ppc64le", product_id: "libxml2-2-2.9.1-13.1.ppc64le", }, }, { category: "product_version", name: "libxml2-tools-2.9.1-13.1.ppc64le", product: { name: "libxml2-tools-2.9.1-13.1.ppc64le", product_id: "libxml2-tools-2.9.1-13.1.ppc64le", }, }, { category: "product_version", name: "python-libxml2-2.9.1-13.1.ppc64le", product: { name: "python-libxml2-2.9.1-13.1.ppc64le", product_id: "python-libxml2-2.9.1-13.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-2.9.1-13.1.s390x", product: { name: "libxml2-devel-2.9.1-13.1.s390x", product_id: "libxml2-devel-2.9.1-13.1.s390x", }, }, { category: "product_version", name: "libxml2-2-2.9.1-13.1.s390x", product: { name: "libxml2-2-2.9.1-13.1.s390x", product_id: "libxml2-2-2.9.1-13.1.s390x", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.1-13.1.s390x", product: { name: "libxml2-2-32bit-2.9.1-13.1.s390x", product_id: "libxml2-2-32bit-2.9.1-13.1.s390x", }, }, { category: "product_version", name: "libxml2-tools-2.9.1-13.1.s390x", product: { name: "libxml2-tools-2.9.1-13.1.s390x", product_id: "libxml2-tools-2.9.1-13.1.s390x", }, }, { category: "product_version", name: "python-libxml2-2.9.1-13.1.s390x", product: { name: "python-libxml2-2.9.1-13.1.s390x", product_id: "python-libxml2-2.9.1-13.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-2-2.9.1-13.1.x86_64", product: { name: "libxml2-2-2.9.1-13.1.x86_64", product_id: "libxml2-2-2.9.1-13.1.x86_64", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.1-13.1.x86_64", product: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64", product_id: "libxml2-2-32bit-2.9.1-13.1.x86_64", }, }, { category: "product_version", name: "libxml2-tools-2.9.1-13.1.x86_64", product: { name: "libxml2-tools-2.9.1-13.1.x86_64", product_id: "libxml2-tools-2.9.1-13.1.x86_64", }, }, { category: "product_version", name: "python-libxml2-2.9.1-13.1.x86_64", product: { name: "python-libxml2-2.9.1-13.1.x86_64", product_id: "python-libxml2-2.9.1-13.1.x86_64", }, }, { category: "product_version", name: "libxml2-devel-2.9.1-13.1.x86_64", product: { name: "libxml2-devel-2.9.1-13.1.x86_64", product_id: "libxml2-devel-2.9.1-13.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12", product: { name: "SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12", product_identification_helper: { cpe: "cpe:/o:suse:sled:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP1", product: { name: "SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12", product: { name: "SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12", product: { name: "SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12", product_identification_helper: { cpe: "cpe:/o:suse:sles:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1", product: { name: "SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-devel-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", }, product_reference: "libxml2-devel-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", }, product_reference: "libxml2-devel-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-devel-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", }, product_reference: "libxml2-devel-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", }, product_reference: "libxml2-devel-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.1-13.1.noarch as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", }, product_reference: "libxml2-doc-2.9.1-13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-tools-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", }, product_reference: "libxml2-tools-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", }, product_reference: "python-libxml2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", }, product_reference: "python-libxml2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.1-13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", }, product_reference: "libxml2-doc-2.9.1-13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-tools-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", }, product_reference: "libxml2-tools-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", }, product_reference: "python-libxml2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", }, product_reference: "python-libxml2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.1-13.1.noarch as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", }, product_reference: "libxml2-doc-2.9.1-13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-tools-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", }, product_reference: "libxml2-tools-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", }, product_reference: "python-libxml2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", }, product_reference: "python-libxml2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", }, product_reference: "libxml2-2-32bit-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.1-13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", }, product_reference: "libxml2-doc-2.9.1-13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", }, product_reference: "libxml2-tools-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", }, product_reference: "libxml2-tools-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", }, product_reference: "libxml2-tools-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", }, product_reference: "python-libxml2-2.9.1-13.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", }, product_reference: "python-libxml2-2.9.1-13.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "python-libxml2-2.9.1-13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", }, product_reference: "python-libxml2-2.9.1-13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Desktop 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-2-32bit-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-doc-2.9.1-13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libxml2-tools-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:python-libxml2-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxml2-devel-2.9.1-13.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libxml2-devel-2.9.1-13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-01-07T12:52:24Z", details: "moderate", }, ], title: "CVE-2015-8317", }, ], }
suse-su-2016:0786-1
Vulnerability from csaf_suse
Published
2016-03-16 10:28
Modified
2016-03-16 10:28
Summary
Security update for sles12-docker-image
Notes
Title of the patch
Security update for sles12-docker-image
Description of the patch
This update for sles12-docker-image fixes issues with binaries and libraries included in the image
where security updates have been made available in the last weeks.
glibc security issues fixed:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)
glibc bugs fixed:
- bsc#955647: Resource leak in resolver
- bsc#956716: Don't do lock elision on an error checking mutex
- bsc#958315: Reinitialize dl_load_write_lock on fork
openssl security bugs fixed:
Security issues fixed:
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050)
Various changes in the modular exponentation code were added that
make sure that it is not possible to recover RSA secret keys by
analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture.
Note that this was only exploitable if the malicious code was running
on the same hyper threaded Intel Sandy Bridge processor as the victim
thread performing decryptions.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could result
in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever
called by user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config files
or application command line arguments. If user developed applications
generated config file data based on untrusted data, then this could
have had security consequences as well.
- CVE-2016-0798 (bnc#968265)
The SRP user database lookup method SRP_VBASE_get_by_user() had a memory
leak that attackers could abuse to facility DoS attacks. To mitigate
the issue, the seed handling in SRP_VBASE_get_by_user() was disabled
even if the user has configured a seed. Applications are advised to
migrate to SRP_VBASE_get1_by_user().
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2015-3197 (bsc#963415):
The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs
that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of
OpenSSL prior to March 19th 2015 at which time the code was refactored
to address vulnerability CVE-2015-0293. It would have made the above
'DROWN' attack much easier.
- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'
This issue only affected versions of OpenSSL prior to March 19th
2015 at which time the code was refactored to address vulnerability
CVE-2015-0293. It would have made the above 'DROWN' attack much easier.
- CVE-2015-3194: The signature verification routines will crash with a
NULL pointer dereference if presented with an ASN.1 signature using the
RSA PSS algorithm and absent mask generation function parameter. Since
these routines are used to verify certificate signature algorithms
this can be used to crash any certificate verification operation and
exploited in a DoS attack. Any application which performs certificate
verification is vulnerable including OpenSSL clients and servers which
enable client authentication. (bsc#957815)
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected. (bsc#957812)
- CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then
the values were wrongly updated in the parent SSL_CTX structure. This could
result in a race condition potentially leading to a double free of the
identify hint data. (bsc#957813)
openssl bugs fixed:
- Avoid running OPENSSL_config twice. This avoids breaking
engine loading. (bsc#952871)
- Ensure that OpenSSL doesn't fall back to the default digest
algorithm (SHA1) in case a non-FIPS algorithm was negotiated while
running in FIPS mode. Instead, OpenSSL will refuse the digest.
(bnc#958501)
- Clear the error after setting non-fips mode (bsc#947104)
- Improve S/390 performance on IBM z196 and z13 (bsc#954256)
- Add support for 'ciphers' providing no encryption (bsc#937085)
libxml2 security issues fixed:
- CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application [bsc#960674]
- CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
- CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
- CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
- CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
- CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
- CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
- CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
- CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
- CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
- CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]
- CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]
And other security and non-security updates found in the SUSE Linux Enterprise 12 GA line.
Patchnames
SUSE-SLE-Module-Containers-12-2016-459
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for sles12-docker-image", title: "Title of the patch", }, { category: "description", text: "\nThis update for sles12-docker-image fixes issues with binaries and libraries included in the image\nwhere security updates have been made available in the last weeks.\n\nglibc security issues fixed:\n- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)\n- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)\n- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)\n- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)\n- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)\n- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)\n\nglibc bugs fixed:\n- bsc#955647: Resource leak in resolver\n- bsc#956716: Don't do lock elision on an error checking mutex\n- bsc#958315: Reinitialize dl_load_write_lock on fork\n\nopenssl security bugs fixed:\nSecurity issues fixed:\n- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):\n OpenSSL was vulnerable to a cross-protocol attack that could lead to\n decryption of TLS sessions by using a server supporting SSLv2 and\n EXPORT cipher suites as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be reenabled\n if required by old legacy software using the environment variable\n 'OPENSSL_ALLOW_EXPORT'.\n\n- CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050)\n Various changes in the modular exponentation code were added that\n make sure that it is not possible to recover RSA secret keys by\n analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture.\n\n Note that this was only exploitable if the malicious code was running\n on the same hyper threaded Intel Sandy Bridge processor as the victim\n thread performing decryptions.\n\n- CVE-2016-0705 (bnc#968047):\n A double free() bug in the DSA ASN1 parser code was fixed that could\n be abused to facilitate a denial-of-service attack.\n\n- CVE-2016-0797 (bnc#968048):\n The BN_hex2bn() and BN_dec2bn() functions had a bug that could result\n in an attempt to de-reference a NULL pointer leading to crashes.\n This could have security consequences if these functions were ever\n called by user applications with large untrusted hex/decimal data. Also,\n internal usage of these functions in OpenSSL uses data from config files\n or application command line arguments. If user developed applications\n generated config file data based on untrusted data, then this could\n have had security consequences as well.\n\n- CVE-2016-0798 (bnc#968265)\n The SRP user database lookup method SRP_VBASE_get_by_user() had a memory\n leak that attackers could abuse to facility DoS attacks. To mitigate\n the issue, the seed handling in SRP_VBASE_get_by_user() was disabled\n even if the user has configured a seed. Applications are advised to\n migrate to SRP_VBASE_get1_by_user().\n\n- CVE-2016-0799 (bnc#968374)\n On many 64 bit systems, the internal fmtstr() and doapr_outch()\n functions could miscalculate the length of a string and attempt to\n access out-of-bounds memory locations. These problems could have\n enabled attacks where large amounts of untrusted data is passed to\n the BIO_*printf functions. If applications use these functions in\n this way then they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1\n data. Therefore applications that print this data could have been\n vulnerable if the data is from untrusted sources. OpenSSL command line\n applications could also have been vulnerable when they print out ASN.1\n data, or if untrusted data is passed as command line arguments. Libssl\n is not considered directly vulnerable.\n\n- CVE-2015-3197 (bsc#963415):\n The SSLv2 protocol did not block disabled ciphers.\n\nNote that the March 1st 2016 release also references following CVEs\nthat were fixed by us with CVE-2015-0293 in 2015:\n\n- CVE-2016-0703 (bsc#968051): This issue only affected versions of\n OpenSSL prior to March 19th 2015 at which time the code was refactored\n to address vulnerability CVE-2015-0293. It would have made the above\n 'DROWN' attack much easier.\n- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'\n This issue only affected versions of OpenSSL prior to March 19th\n 2015 at which time the code was refactored to address vulnerability\n CVE-2015-0293. It would have made the above 'DROWN' attack much easier.\n\n- CVE-2015-3194: The signature verification routines will crash with a\n NULL pointer dereference if presented with an ASN.1 signature using the\n RSA PSS algorithm and absent mask generation function parameter. Since\n these routines are used to verify certificate signature algorithms\n this can be used to crash any certificate verification operation and\n exploited in a DoS attack. Any application which performs certificate\n verification is vulnerable including OpenSSL clients and servers which\n enable client authentication. (bsc#957815)\n- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak\n memory. This structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from untrusted sources is affected.\n SSL/TLS is not affected. (bsc#957812)\n- CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then\n the values were wrongly updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a double free of the\n identify hint data. (bsc#957813)\n\nopenssl bugs fixed:\n- Avoid running OPENSSL_config twice. This avoids breaking\n engine loading. (bsc#952871)\n- Ensure that OpenSSL doesn't fall back to the default digest\n algorithm (SHA1) in case a non-FIPS algorithm was negotiated while\n running in FIPS mode. Instead, OpenSSL will refuse the digest.\n (bnc#958501)\n- Clear the error after setting non-fips mode (bsc#947104)\n- Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n- Add support for 'ciphers' providing no encryption (bsc#937085)\n\nlibxml2 security issues fixed:\n- CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application [bsc#960674]\n- CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]\n- CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]\n- CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]\n- CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]\n- CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]\n- CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]\n- CVE-2015-5312 Fix another entity expansion issue [bnc#957105]\n- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]\n- CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]\n- CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]\n- CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]\n- CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]\n- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]\n\nAnd other security and non-security updates found in the SUSE Linux Enterprise 12 GA line.\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Module-Containers-12-2016-459", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0786-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:0786-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20160786-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:0786-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001948.html", }, { category: "self", summary: "SUSE Bug 969591", url: "https://bugzilla.suse.com/969591", }, { category: "self", summary: "SUSE CVE CVE-2014-9761 page", url: "https://www.suse.com/security/cve/CVE-2014-9761/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-3194 page", url: "https://www.suse.com/security/cve/CVE-2015-3194/", }, { category: "self", summary: "SUSE CVE CVE-2015-3195 page", url: "https://www.suse.com/security/cve/CVE-2015-3195/", }, { category: "self", summary: "SUSE CVE CVE-2015-3196 page", url: "https://www.suse.com/security/cve/CVE-2015-3196/", }, { category: "self", summary: "SUSE CVE CVE-2015-3197 page", url: "https://www.suse.com/security/cve/CVE-2015-3197/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7547 page", url: "https://www.suse.com/security/cve/CVE-2015-7547/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2015-8710 page", url: "https://www.suse.com/security/cve/CVE-2015-8710/", }, { category: "self", summary: "SUSE CVE CVE-2015-8776 page", url: "https://www.suse.com/security/cve/CVE-2015-8776/", }, { category: "self", summary: "SUSE CVE CVE-2015-8777 page", url: "https://www.suse.com/security/cve/CVE-2015-8777/", }, { category: "self", summary: "SUSE CVE CVE-2015-8778 page", url: "https://www.suse.com/security/cve/CVE-2015-8778/", }, { category: "self", summary: "SUSE CVE CVE-2015-8779 page", url: "https://www.suse.com/security/cve/CVE-2015-8779/", }, { category: "self", summary: "SUSE CVE CVE-2016-0702 page", url: "https://www.suse.com/security/cve/CVE-2016-0702/", }, { category: "self", summary: "SUSE CVE CVE-2016-0703 page", url: "https://www.suse.com/security/cve/CVE-2016-0703/", }, { category: "self", summary: "SUSE CVE CVE-2016-0704 page", url: "https://www.suse.com/security/cve/CVE-2016-0704/", }, { category: "self", summary: "SUSE CVE CVE-2016-0705 page", url: "https://www.suse.com/security/cve/CVE-2016-0705/", }, { category: "self", summary: "SUSE CVE CVE-2016-0797 page", url: "https://www.suse.com/security/cve/CVE-2016-0797/", }, { category: "self", summary: "SUSE CVE CVE-2016-0798 page", url: "https://www.suse.com/security/cve/CVE-2016-0798/", }, { category: "self", summary: "SUSE CVE CVE-2016-0799 page", url: "https://www.suse.com/security/cve/CVE-2016-0799/", }, { category: "self", summary: "SUSE CVE CVE-2016-0800 page", url: "https://www.suse.com/security/cve/CVE-2016-0800/", }, ], title: "Security update for sles12-docker-image", tracking: { current_release_date: "2016-03-16T10:28:25Z", generator: { date: "2016-03-16T10:28:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:0786-1", initial_release_date: "2016-03-16T10:28:25Z", revision_history: [ { date: "2016-03-16T10:28:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "sles12-docker-image-1.1.1-20160307082632.ppc64le", product: { name: "sles12-docker-image-1.1.1-20160307082632.ppc64le", product_id: "sles12-docker-image-1.1.1-20160307082632.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "sles12-docker-image-1.1.1-20160307082632.s390x", product: { name: "sles12-docker-image-1.1.1-20160307082632.s390x", product_id: "sles12-docker-image-1.1.1-20160307082632.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "sles12-docker-image-1.1.1-20160307082632.x86_64", product: { name: "sles12-docker-image-1.1.1-20160307082632.x86_64", product_id: "sles12-docker-image-1.1.1-20160307082632.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "sles12-docker-image-1.1.1-20160307082632.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", }, product_reference: "sles12-docker-image-1.1.1-20160307082632.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "sles12-docker-image-1.1.1-20160307082632.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", }, product_reference: "sles12-docker-image-1.1.1-20160307082632.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "sles12-docker-image-1.1.1-20160307082632.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", }, product_reference: "sles12-docker-image-1.1.1-20160307082632.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2014-9761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9761", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9761", url: "https://www.suse.com/security/cve/CVE-2014-9761", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2014-9761", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962738 for CVE-2014-9761", url: "https://bugzilla.suse.com/962738", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2014-9761", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "critical", }, ], title: "CVE-2014-9761", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-3194", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3194", }, ], notes: [ { category: "general", text: "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3194", url: "https://www.suse.com/security/cve/CVE-2015-3194", }, { category: "external", summary: "SUSE Bug 957812 for CVE-2015-3194", url: "https://bugzilla.suse.com/957812", }, { category: "external", summary: "SUSE Bug 957815 for CVE-2015-3194", url: "https://bugzilla.suse.com/957815", }, { category: "external", summary: "SUSE Bug 958768 for CVE-2015-3194", url: "https://bugzilla.suse.com/958768", }, { category: "external", summary: "SUSE Bug 976341 for CVE-2015-3194", url: "https://bugzilla.suse.com/976341", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2015-3194", url: "https://bugzilla.suse.com/990370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-3194", }, { cve: "CVE-2015-3195", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3195", }, ], notes: [ { category: "general", text: "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3195", url: "https://www.suse.com/security/cve/CVE-2015-3195", }, { category: "external", summary: "SUSE Bug 923755 for CVE-2015-3195", url: "https://bugzilla.suse.com/923755", }, { category: "external", summary: "SUSE Bug 957812 for CVE-2015-3195", url: "https://bugzilla.suse.com/957812", }, { category: "external", summary: "SUSE Bug 957815 for CVE-2015-3195", url: "https://bugzilla.suse.com/957815", }, { category: "external", summary: "SUSE Bug 958768 for CVE-2015-3195", url: "https://bugzilla.suse.com/958768", }, { category: "external", summary: "SUSE Bug 963977 for CVE-2015-3195", url: "https://bugzilla.suse.com/963977", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2015-3195", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-3195", }, { cve: "CVE-2015-3196", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3196", }, ], notes: [ { category: "general", text: "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3196", url: "https://www.suse.com/security/cve/CVE-2015-3196", }, { category: "external", summary: "SUSE Bug 957813 for CVE-2015-3196", url: "https://bugzilla.suse.com/957813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-3196", }, { cve: "CVE-2015-3197", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3197", }, ], notes: [ { category: "general", text: "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3197", url: "https://www.suse.com/security/cve/CVE-2015-3197", }, { category: "external", summary: "SUSE Bug 963410 for CVE-2015-3197", url: "https://bugzilla.suse.com/963410", }, { category: "external", summary: "SUSE Bug 963415 for CVE-2015-3197", url: "https://bugzilla.suse.com/963415", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2015-3197", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2015-3197", url: "https://bugzilla.suse.com/968046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-3197", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7547", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7547", url: "https://www.suse.com/security/cve/CVE-2015-7547", }, { category: "external", summary: "SUSE Bug 1077097 for CVE-2015-7547", url: "https://bugzilla.suse.com/1077097", }, { category: "external", summary: "SUSE Bug 847227 for CVE-2015-7547", url: "https://bugzilla.suse.com/847227", }, { category: "external", summary: "SUSE Bug 961721 for CVE-2015-7547", url: "https://bugzilla.suse.com/961721", }, { category: "external", summary: "SUSE Bug 967023 for CVE-2015-7547", url: "https://bugzilla.suse.com/967023", }, { category: "external", summary: "SUSE Bug 967061 for CVE-2015-7547", url: "https://bugzilla.suse.com/967061", }, { category: "external", summary: "SUSE Bug 967072 for CVE-2015-7547", url: "https://bugzilla.suse.com/967072", }, { category: "external", summary: "SUSE Bug 967496 for CVE-2015-7547", url: "https://bugzilla.suse.com/967496", }, { category: "external", summary: "SUSE Bug 969216 for CVE-2015-7547", url: "https://bugzilla.suse.com/969216", }, { category: "external", summary: "SUSE Bug 969241 for CVE-2015-7547", url: "https://bugzilla.suse.com/969241", }, { category: "external", summary: "SUSE Bug 969591 for CVE-2015-7547", url: "https://bugzilla.suse.com/969591", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-7547", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2015-7547", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2015-8710", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8710", }, ], notes: [ { category: "general", text: "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8710", url: "https://www.suse.com/security/cve/CVE-2015-8710", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8710", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 960674 for CVE-2015-8710", url: "https://bugzilla.suse.com/960674", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8710", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2015-8710", }, { cve: "CVE-2015-8776", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8776", }, ], notes: [ { category: "general", text: "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8776", url: "https://www.suse.com/security/cve/CVE-2015-8776", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8776", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962736 for CVE-2015-8776", url: "https://bugzilla.suse.com/962736", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8776", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-8776", }, { cve: "CVE-2015-8777", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8777", }, ], notes: [ { category: "general", text: "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8777", url: "https://www.suse.com/security/cve/CVE-2015-8777", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8777", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 950944 for CVE-2015-8777", url: "https://bugzilla.suse.com/950944", }, { category: "external", summary: "SUSE Bug 962735 for CVE-2015-8777", url: "https://bugzilla.suse.com/962735", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-8777", }, { cve: "CVE-2015-8778", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8778", }, ], notes: [ { category: "general", text: "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8778", url: "https://www.suse.com/security/cve/CVE-2015-8778", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8778", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962737 for CVE-2015-8778", url: "https://bugzilla.suse.com/962737", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8778", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2015-8778", }, { cve: "CVE-2015-8779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8779", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8779", url: "https://www.suse.com/security/cve/CVE-2015-8779", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8779", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962739 for CVE-2015-8779", url: "https://bugzilla.suse.com/962739", }, { category: "external", summary: "SUSE Bug 965453 for CVE-2015-8779", url: "https://bugzilla.suse.com/965453", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8779", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2015-8779", }, { cve: "CVE-2016-0702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0702", }, ], notes: [ { category: "general", text: "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0702", url: "https://www.suse.com/security/cve/CVE-2016-0702", }, { category: "external", summary: "SUSE Bug 1007806 for CVE-2016-0702", url: "https://bugzilla.suse.com/1007806", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0702", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968050 for CVE-2016-0702", url: "https://bugzilla.suse.com/968050", }, { category: "external", summary: "SUSE Bug 971238 for CVE-2016-0702", url: "https://bugzilla.suse.com/971238", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0702", url: "https://bugzilla.suse.com/990370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2016-0702", }, { cve: "CVE-2016-0703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0703", }, ], notes: [ { category: "general", text: "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0703", url: "https://www.suse.com/security/cve/CVE-2016-0703", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0703", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2016-0703", url: "https://bugzilla.suse.com/968046", }, { category: "external", summary: "SUSE Bug 968051 for CVE-2016-0703", url: "https://bugzilla.suse.com/968051", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2016-0703", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2016-0703", }, { cve: "CVE-2016-0704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0704", }, ], notes: [ { category: "general", text: "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0704", url: "https://www.suse.com/security/cve/CVE-2016-0704", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0704", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968053 for CVE-2016-0704", url: "https://bugzilla.suse.com/968053", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2016-0704", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2016-0704", }, { cve: "CVE-2016-0705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0705", }, ], notes: [ { category: "general", text: "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0705", url: "https://www.suse.com/security/cve/CVE-2016-0705", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0705", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968047 for CVE-2016-0705", url: "https://bugzilla.suse.com/968047", }, { category: "external", summary: "SUSE Bug 971238 for CVE-2016-0705", url: "https://bugzilla.suse.com/971238", }, { category: "external", summary: "SUSE Bug 976341 for CVE-2016-0705", url: "https://bugzilla.suse.com/976341", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "critical", }, ], title: "CVE-2016-0705", }, { cve: "CVE-2016-0797", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0797", }, ], notes: [ { category: "general", text: "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0797", url: "https://www.suse.com/security/cve/CVE-2016-0797", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0797", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968048 for CVE-2016-0797", url: "https://bugzilla.suse.com/968048", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0797", url: "https://bugzilla.suse.com/990370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2016-0797", }, { cve: "CVE-2016-0798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0798", }, ], notes: [ { category: "general", text: "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0798", url: "https://www.suse.com/security/cve/CVE-2016-0798", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0798", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968265 for CVE-2016-0798", url: "https://bugzilla.suse.com/968265", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "important", }, ], title: "CVE-2016-0798", }, { cve: "CVE-2016-0799", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0799", }, ], notes: [ { category: "general", text: "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0799", url: "https://www.suse.com/security/cve/CVE-2016-0799", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0799", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968374 for CVE-2016-0799", url: "https://bugzilla.suse.com/968374", }, { category: "external", summary: "SUSE Bug 969517 for CVE-2016-0799", url: "https://bugzilla.suse.com/969517", }, { category: "external", summary: "SUSE Bug 989345 for CVE-2016-0799", url: "https://bugzilla.suse.com/989345", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0799", url: "https://bugzilla.suse.com/990370", }, { category: "external", summary: "SUSE Bug 991722 for CVE-2016-0799", url: "https://bugzilla.suse.com/991722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "low", }, ], title: "CVE-2016-0799", }, { cve: "CVE-2016-0800", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0800", }, ], notes: [ { category: "general", text: "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0800", url: "https://www.suse.com/security/cve/CVE-2016-0800", }, { category: "external", summary: "SUSE Bug 1106871 for CVE-2016-0800", url: "https://bugzilla.suse.com/1106871", }, { category: "external", summary: "SUSE Bug 961377 for CVE-2016-0800", url: "https://bugzilla.suse.com/961377", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0800", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2016-0800", url: "https://bugzilla.suse.com/968046", }, { category: "external", summary: "SUSE Bug 968888 for CVE-2016-0800", url: "https://bugzilla.suse.com/968888", }, { category: "external", summary: "SUSE Bug 969591 for CVE-2016-0800", url: "https://bugzilla.suse.com/969591", }, { category: "external", summary: "SUSE Bug 979060 for CVE-2016-0800", url: "https://bugzilla.suse.com/979060", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.ppc64le", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.s390x", "SUSE Linux Enterprise Module for Containers 12:sles12-docker-image-1.1.1-20160307082632.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-16T10:28:25Z", details: "moderate", }, ], title: "CVE-2016-0800", }, ], }
var-201511-0087
Vulnerability from variot
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Libxml2 is prone to a denial-of-service vulnerability. Successful exploit will result in a denial-of-service condition. Libxml2 2.9.1 and prior versions are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. The vulnerability is caused by the program not properly checking for compression errors. Summary:
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.
Security Fix(es):
-
Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
-
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
-
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
-
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
- Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1213957 - CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1277146 - CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1311076 - CVE-2015-5351 tomcat: CSRF token leak 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311085 - CVE-2015-5346 tomcat: Session fixation 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- JIRA issues fixed (https://issues.jboss.org/):
JWS-271 - User submitted session ID JWS-272 - User submitted session ID JWS-276 - Welcome File processing refactoring - CVE-2015-5345 low JWS-277 - Welcome File processing refactoring - CVE-2015-5345 low JWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate JWS-304 - Restrict another manager servlet - CVE-2016-0706 low JWS-349 - Session serialization safety - CVE-2016-0714 moderate JWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate
- References:
https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-5345 https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8035 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/cve/CVE-2015-8710 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXO0eWXlSAg2UNWIIRAjqoAJ9kJfUdG/dzrjc6CPe+Ah1NIaqvsACfZE1q 9d1Ta2CX5a+zVXOqLprEvM0= =ByHT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37
https://security.gentoo.org/
Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37
Synopsis
Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code.
Background
libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
[ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5.
For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions.
For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions.
We recommend that you upgrade your libxml2 packages. 7) - x86_64
Security Fix(es):
-
libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
-
libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
-
libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
-
libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
-
libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
-
libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1277146 - CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression 1358641 - CVE-2016-5131 libxml2: Use after free triggered by XPointer paths beginning with range-to 1523128 - CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c 1566749 - CVE-2017-18258 libxml2: Unrestricted memory usage in xz_head() function in xzlib.c 1595985 - CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c 1619875 - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
============================================================================ Ubuntu Security Notice USN-2812-1 November 16, 2015
libxml2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819)
Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941)
Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. (CVE-2015-7942)
Gustavo Grieco discovered that libxml2 incorrectly handled certain XML data. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8035)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.1
Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.1
Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.5
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.12
After a standard system update you need to reboot your computer to make all the necessary changes. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device- orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0087", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "libxml2", scope: "eq", trust: 1.8, vendor: "xmlsoft", version: "2.9.1", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "8.0", }, { model: "tvos", scope: "lte", trust: 1, vendor: "apple", version: "9.1", }, { model: "mac os x", scope: "lte", trust: 1, vendor: "apple", version: "10.11.3", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "7.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.04", }, { model: "iphone os", scope: "lte", trust: 1, vendor: "apple", version: "9.2.1", }, { model: "watchos", scope: "lte", trust: 1, vendor: "apple", version: "2.1", }, { model: "ubuntu", scope: "eq", trust: 0.8, vendor: "canonical", version: "12.04 lts", }, { model: "ubuntu", scope: "eq", trust: 0.8, vendor: "canonical", version: "14.04 lts", }, { model: "ubuntu", scope: "eq", trust: 0.8, vendor: "canonical", version: "15.04", }, { model: "ubuntu", scope: "eq", trust: 0.8, vendor: "canonical", version: "15.10", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10.5", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.11 to 10.11.3", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (ipad 2 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (iphone 4s or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (ipod touch first 5 after generation )", }, { model: "tvos", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2 (apple tv first 4 generation )", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch edition)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch hermes)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch sport)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch)", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "none", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "server provisioning", }, { model: "hpe server migration pack", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe systems insight manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe version control repository manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "system management homepage", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "watchos", scope: "eq", trust: 0.6, vendor: "apple", version: "2.1", }, { model: "tv", scope: "eq", trust: 0.6, vendor: "apple", version: "9.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.10", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.13", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.7.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.9", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.15", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.8", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.16", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.29", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.20", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.16", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.13", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.10", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.14", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.14", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.32", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.21", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.9", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.7.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.14", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.8", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.9", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.1.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.5", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.11", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.16", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.20", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.3", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ipod touch", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.7.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.25", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.5", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.30", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.12", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.12", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.28", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.30", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.23", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.15", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.18", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.8", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.22", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ios beta", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.11", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.8", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.13", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.31", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.26", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.12", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.5", }, { model: "iphone", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.10", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.7.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.27", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.26", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.18", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.17", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.11", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.14", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.11", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.24", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.27", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.17", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.0.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.22", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.3", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ipad", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.7", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.11", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.3", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.19", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.5.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.4.13", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "1.8.7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.2.8", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.3.6", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.7.4", }, { model: "libxml2", scope: "eq", trust: 0.3, vendor: "xmlsoft", version: "2.6.1", }, ], sources: [ { db: "BID", id: "77390", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "CNNVD", id: "CNNVD-201511-025", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.11.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-8035", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Gustavo Grieco", sources: [ { db: "BID", id: "77390", }, { db: "CNNVD", id: "CNNVD-201511-025", }, ], trust: 0.9, }, cve: "CVE-2015-8035", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", exploitabilityScore: 4.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 2.6, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-8035", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "VHN-85996", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:N/AC:H/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-8035", trust: 1.8, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201511-025", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-85996", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-85996", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "CNNVD", id: "CNNVD-201511-025", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Libxml2 is prone to a denial-of-service vulnerability. \nSuccessful exploit will result in a denial-of-service condition. \nLibxml2 2.9.1 and prior versions are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. The vulnerability is caused by the program not properly checking for compression errors. Summary:\n\nRed Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise\nLinux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for\nRed Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements,\nwhich are documented in the Release Notes documented linked to in the\nReferences. \n\nSecurity Fix(es):\n\n* Several denial of service flaws were found in libxml2, a library\nproviding support for reading, modifying, and writing XML and HTML files. A\nremote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause that\napplication to use an excessive amount of CPU, leak potentially sensitive\ninformation, or in certain cases crash the application. (CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942,\nCVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242,\nCVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause an\napplication using OpenSSL to crash when imported. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original\nreporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500;\nHugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242;\nand Hanno Boeck as the original reporter of CVE-2015-8317. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1213957 - CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment\n1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access\n1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()\n1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input\n1277146 - CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled\n1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey\n1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl\n1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW\n1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration\n1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar\n1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc\n1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode\n1311076 - CVE-2015-5351 tomcat: CSRF token leak\n1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n1311085 - CVE-2015-5346 tomcat: Session fixation\n1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n1311089 - CVE-2015-5345 tomcat: directory disclosure\n1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-271 - User submitted session ID\nJWS-272 - User submitted session ID\nJWS-276 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-277 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate\nJWS-304 - Restrict another manager servlet - CVE-2016-0706 low\nJWS-349 - Session serialization safety - CVE-2016-0714 moderate\nJWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0209\nhttps://access.redhat.com/security/cve/CVE-2015-5312\nhttps://access.redhat.com/security/cve/CVE-2015-5345\nhttps://access.redhat.com/security/cve/CVE-2015-5346\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2015-7497\nhttps://access.redhat.com/security/cve/CVE-2015-7498\nhttps://access.redhat.com/security/cve/CVE-2015-7499\nhttps://access.redhat.com/security/cve/CVE-2015-7500\nhttps://access.redhat.com/security/cve/CVE-2015-7941\nhttps://access.redhat.com/security/cve/CVE-2015-7942\nhttps://access.redhat.com/security/cve/CVE-2015-8035\nhttps://access.redhat.com/security/cve/CVE-2015-8241\nhttps://access.redhat.com/security/cve/CVE-2015-8242\nhttps://access.redhat.com/security/cve/CVE-2015-8317\nhttps://access.redhat.com/security/cve/CVE-2015-8710\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3\n\n7. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXO0eWXlSAg2UNWIIRAjqoAJ9kJfUdG/dzrjc6CPe+Ah1NIaqvsACfZE1q\n9d1Ta2CX5a+zVXOqLprEvM0=\n=ByHT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libxml2: Multiple vulnerabilities\n Date: January 16, 2017\n Bugs: #564776, #566374, #572878, #573820, #577998, #582538,\n #582540, #583888, #589816, #597112, #597114, #597116\n ID: 201701-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould lead to the execution of arbitrary code. \n\nBackground\n==========\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit\ninitially developed for the Gnome project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.9.4-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819\n[ 2 ] CVE-2015-5312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312\n[ 3 ] CVE-2015-7497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497\n[ 4 ] CVE-2015-7498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498\n[ 5 ] CVE-2015-7499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499\n[ 6 ] CVE-2015-7500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500\n[ 7 ] CVE-2015-7941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941\n[ 8 ] CVE-2015-7942\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942\n[ 9 ] CVE-2015-8035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035\n[ 10 ] CVE-2015-8242\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242\n[ 11 ] CVE-2015-8806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806\n[ 12 ] CVE-2016-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836\n[ 13 ] CVE-2016-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838\n[ 14 ] CVE-2016-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839\n[ 15 ] CVE-2016-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840\n[ 16 ] CVE-2016-2073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073\n[ 17 ] CVE-2016-3627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627\n[ 18 ] CVE-2016-3705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705\n[ 19 ] CVE-2016-4483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483\n[ 20 ] CVE-2016-4658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658\n[ 21 ] CVE-2016-5131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier versions. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions. \n\nWe recommend that you upgrade your libxml2 packages. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* libxml2: Use after free triggered by XPointer paths beginning with\nrange-to (CVE-2016-5131)\n\n* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate()\nfunction in xpath.c (CVE-2017-15412)\n\n* libxml2: DoS caused by incorrect error detection during XZ decompression\n(CVE-2015-8035)\n\n* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in\nxpath.c (CVE-2018-14404)\n\n* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c\n(CVE-2017-18258)\n\n* libxml2: Infinite loop caused by incorrect error detection during LZMA\ndecompression (CVE-2018-14567)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1277146 - CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression\n1358641 - CVE-2016-5131 libxml2: Use after free triggered by XPointer paths beginning with range-to\n1523128 - CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c\n1566749 - CVE-2017-18258 libxml2: Unrestricted memory usage in xz_head() function in xzlib.c\n1595985 - CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c\n1619875 - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. ============================================================================\nUbuntu Security Notice USN-2812-1\nNovember 16, 2015\n\nlibxml2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially\ncrafted document, an attacker could possibly cause resource consumption,\nresulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819)\n\nMichal Zalewski discovered that libxml2 incorrectly handled certain XML\ndata. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain XML\ndata. \n(CVE-2015-7942)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain XML\ndata. This issue only affected\nUbuntu 14.04 LTS. (CVE-2015-8035)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libxml2 2.9.2+zdfsg1-4ubuntu0.1\n\nUbuntu 15.04:\n libxml2 2.9.2+dfsg1-3ubuntu0.1\n\nUbuntu 14.04 LTS:\n libxml2 2.9.1+dfsg1-3ubuntu4.5\n\nUbuntu 12.04 LTS:\n libxml2 2.7.8.dfsg-5.1ubuntu4.12\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A website may be able to track sensitive user information\nDescription: A hidden web page may be able to access device-\norientation and device-motion data. This issue was addressed by\nsuspending the availability of this data when the web view is hidden. \nCVE-ID\nCVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. \nShahandashti, and Feng Hao of the School of Computing Science,\nNewcastle University, UK\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may reveal a user's\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent's Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may be able to access restricted ports\non arbitrary servers\nDescription: A port redirection issue was addressed through\nadditional port validation. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of\n无声信息技术PKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A caching issue existed with character encoding. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer's Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple's update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don't Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mariš\nCVE-2015-8472 : Adam Mariš\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application's context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro's Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple's certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client's private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mariš\nCVE-2015-8472 : Adam Mariš\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mariš\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple's Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n", sources: [ { db: "NVD", id: "CVE-2015-8035", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "BID", id: "77390", }, { db: "VULHUB", id: "VHN-85996", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "137101", }, { db: "PACKETSTORM", id: "140533", }, { db: "PACKETSTORM", id: "135045", }, { db: "PACKETSTORM", id: "157021", }, { db: "PACKETSTORM", id: "134383", }, { db: "PACKETSTORM", id: "136342", }, { db: "PACKETSTORM", id: "136346", }, ], trust: 2.7, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-85996", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-85996", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-8035", trust: 3.6, }, { db: "BID", id: "77390", trust: 2, }, { db: "OPENWALL", id: "OSS-SECURITY/2015/11/03/1", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2015/11/02/2", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2015/11/02/4", trust: 1.7, }, { db: "SECTRACK", id: "1034243", trust: 1.7, }, { db: "JVN", id: "JVNVU97668313", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-005980", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201511-025", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.2565", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.3732", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2200", trust: 0.6, }, { db: "PACKETSTORM", id: "157021", trust: 0.2, }, { db: "VULHUB", id: "VHN-85996", trust: 0.1, }, { db: "PACKETSTORM", id: "136344", trust: 0.1, }, { db: "PACKETSTORM", id: "137101", trust: 0.1, }, { db: "PACKETSTORM", id: "140533", trust: 0.1, }, { db: "PACKETSTORM", id: "135045", trust: 0.1, }, { db: "PACKETSTORM", id: "134383", trust: 0.1, }, { db: "PACKETSTORM", id: "136342", trust: 0.1, }, { db: "PACKETSTORM", id: "136346", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-85996", }, { db: "BID", id: "77390", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "137101", }, { db: "PACKETSTORM", id: "140533", }, { db: "PACKETSTORM", id: "135045", }, { db: "PACKETSTORM", id: "157021", }, { db: "PACKETSTORM", id: "134383", }, { db: "PACKETSTORM", id: "136342", }, { db: "PACKETSTORM", id: "136346", }, { db: "CNNVD", id: "CNNVD-201511-025", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, id: "VAR-201511-0087", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-85996", }, ], trust: 0.01, }, last_update_date: "2024-07-23T19:46:31.147000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2016-03-21-2 watchOS 2.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html", }, { title: "APPLE-SA-2016-03-21-3 tvOS 9.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html", }, { title: "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html", }, { title: "APPLE-SA-2016-03-21-1 iOS 9.3", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html", }, { title: "HT206166", trust: 0.8, url: "https://support.apple.com/en-us/ht206166", }, { title: "HT206167", trust: 0.8, url: "https://support.apple.com/en-us/ht206167", }, { title: "HT206168", trust: 0.8, url: "https://support.apple.com/en-us/ht206168", }, { title: "HT206169", trust: 0.8, url: "https://support.apple.com/en-us/ht206169", }, { title: "HT206167", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206167", }, { title: "HT206168", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206168", }, { title: "HT206169", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206169", }, { title: "HT206166", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206166", }, { title: "Bug 757466", trust: 0.8, url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { title: "CVE-2015-8035 Fix XZ compression support loop", trust: 0.8, url: "https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63", }, { title: "HPSBMU03612", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { title: "USN-2812-1", trust: 0.8, url: "http://www.ubuntu.com/usn/usn-2812-1/", }, { title: "Top Page", trust: 0.8, url: "http://xmlsoft.org/index.html", }, { title: "v2.9.3: Nov 20 2015", trust: 0.8, url: "http://xmlsoft.org/news.html", }, { title: "Libxml2‘parser.c’ Remediation measures for remote denial of service vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=90852", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "CNNVD", id: "CNNVD-201511-025", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-399", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-85996", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://security.gentoo.org/glsa/201701-37", }, { trust: 1.8, url: "http://rhn.redhat.com/errata/rhsa-2016-1089.html", }, { trust: 1.8, url: "http://www.ubuntu.com/usn/usn-2812-1", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/77390", }, { trust: 1.7, url: "http://xmlsoft.org/news.html", }, { trust: 1.7, url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { trust: 1.7, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017", }, { trust: 1.7, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.7, url: "https://support.apple.com/ht206166", }, { trust: 1.7, url: "https://support.apple.com/ht206167", }, { trust: 1.7, url: "https://support.apple.com/ht206168", }, { trust: 1.7, url: "https://support.apple.com/ht206169", }, { trust: 1.7, url: "http://www.debian.org/security/2015/dsa-3430", }, { trust: 1.7, url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177341.html", }, { trust: 1.7, url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177381.html", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1034243", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8035", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu97668313/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8035", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8035", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7942", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1819", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7499", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5312", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7500", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.3732", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-libxml2-vulnerabilities/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2200/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2565/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8242", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7941", }, { trust: 0.3, url: "http://seclists.org/oss-sec/2015/q4/206", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972720", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?rs=630&uid=swg21973201", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21975975", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21979767", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8659", }, { trust: 0.3, url: "https://gpgtools.org", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0801", }, { trust: 0.3, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1740", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0802", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7498", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7497", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1751", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1755", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1753", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1750", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1752", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1762", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1775", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1754", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1748", }, { trust: 0.2, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.2, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8241", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-8035", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8317", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5131", }, { trust: 0.2, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1734", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1784", }, { trust: 0.1, url: "https://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1950", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1783", }, { trust: 0.1, url: "https://issues.jboss.org/):", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0763", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.0.3_release_notes/index.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0706", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5345", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0714", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7941", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-8241", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7942", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5346", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-5312", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-0714", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7500", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0209", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8710", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5351", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-0706", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=webserver&version=3.0.3", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7497", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-8242", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-8317", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7498", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-8710", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-5346", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-5351", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-5345", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-0763", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4483", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1836", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1839", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8806", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2073", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3627", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1838", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4658", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1840", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-15412", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-14404", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-15412", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:1190", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14404", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14567", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-14567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18258", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5131", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-18258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.12", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+dfsg1-3ubuntu0.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.5", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.1", }, { trust: 0.1, url: "https://www.apple.com/itunes/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1756", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1757", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1760", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1766", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1761", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1758", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1763", }, { trust: 0.1, url: "http://www.tencent.com)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7551", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0777", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8472", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3195", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8126", }, { trust: 0.1, url: "https://support.apple.com/kb/ht206171", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1732", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9495", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5334", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1733", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1736", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1735", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0778", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5333", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1738", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1737", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0973", }, ], sources: [ { db: "VULHUB", id: "VHN-85996", }, { db: "BID", id: "77390", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "137101", }, { db: "PACKETSTORM", id: "140533", }, { db: "PACKETSTORM", id: "135045", }, { db: "PACKETSTORM", id: "157021", }, { db: "PACKETSTORM", id: "134383", }, { db: "PACKETSTORM", id: "136342", }, { db: "PACKETSTORM", id: "136346", }, { db: "CNNVD", id: "CNNVD-201511-025", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-85996", }, { db: "BID", id: "77390", }, { db: "JVNDB", id: "JVNDB-2015-005980", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "137101", }, { db: "PACKETSTORM", id: "140533", }, { db: "PACKETSTORM", id: "135045", }, { db: "PACKETSTORM", id: "157021", }, { db: "PACKETSTORM", id: "134383", }, { db: "PACKETSTORM", id: "136342", }, { db: "PACKETSTORM", id: "136346", }, { db: "CNNVD", id: "CNNVD-201511-025", }, { db: "NVD", id: "CVE-2015-8035", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-11-18T00:00:00", db: "VULHUB", id: "VHN-85996", }, { date: "2015-11-02T00:00:00", db: "BID", id: "77390", }, { date: "2015-11-20T00:00:00", db: "JVNDB", id: "JVNDB-2015-005980", }, { date: "2016-03-22T15:12:44", db: "PACKETSTORM", id: "136344", }, { date: "2016-05-17T23:47:44", db: "PACKETSTORM", id: "137101", }, { date: "2017-01-17T02:26:10", db: "PACKETSTORM", id: "140533", }, { date: "2015-12-24T17:31:30", db: "PACKETSTORM", id: "135045", }, { date: "2020-04-01T15:13:56", db: "PACKETSTORM", id: "157021", }, { date: "2015-11-17T00:04:00", db: "PACKETSTORM", id: "134383", }, { date: "2016-03-22T15:05:15", db: "PACKETSTORM", id: "136342", }, { date: "2016-03-22T15:18:02", db: "PACKETSTORM", id: "136346", }, { date: "2015-11-04T00:00:00", db: "CNNVD", id: "CNNVD-201511-025", }, { date: "2015-11-18T16:59:09.883000", db: "NVD", id: "CVE-2015-8035", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-03-08T00:00:00", db: "VULHUB", id: "VHN-85996", }, { date: "2016-07-06T14:55:00", db: "BID", id: "77390", }, { date: "2016-09-08T00:00:00", db: "JVNDB", id: "JVNDB-2015-005980", }, { date: "2023-06-30T00:00:00", db: "CNNVD", id: "CNNVD-201511-025", }, { date: "2019-03-08T16:06:36.980000", db: "NVD", id: "CVE-2015-8035", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "135045", }, { db: "CNNVD", id: "CNNVD-201511-025", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "libxml2 of xzlib.c Inside xz_decomp Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2015-005980", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "resource management error", sources: [ { db: "CNNVD", id: "CNNVD-201511-025", }, ], trust: 0.6, }, }
opensuse-su-2024:10549-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
Notes
Title of the patch
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
Description of the patch
These are all security issues fixed in the ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10549
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10549", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10549-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, ], title: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10549-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, ], }
opensuse-su-2025:14697-1
Vulnerability from csaf_opensuse
Published
2025-01-25 00:00
Modified
2025-01-25 00:00
Summary
ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media
Notes
Title of the patch
ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.4-rubygem-nokogiri-1.18.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14697
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.4-rubygem-nokogiri-1.18.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14697", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14697-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:14697-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5YNW74OL2W7SH2XTAVN5TODNFIVFL3Y/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:14697-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5YNW74OL2W7SH2XTAVN5TODNFIVFL3Y/", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-23476 page", url: "https://www.suse.com/security/cve/CVE-2022-23476/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, { category: "self", summary: "SUSE CVE CVE-2022-34169 page", url: "https://www.suse.com/security/cve/CVE-2022-34169/", }, { category: "self", summary: "SUSE CVE CVE-2023-29469 page", url: "https://www.suse.com/security/cve/CVE-2023-29469/", }, ], title: "ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media", tracking: { current_release_date: "2025-01-25T00:00:00Z", generator: { date: "2025-01-25T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14697-1", initial_release_date: "2025-01-25T00:00:00Z", revision_history: [ { date: "2025-01-25T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-23476", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23476", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23476", url: "https://www.suse.com/security/cve/CVE-2022-23476", }, { category: "external", summary: "SUSE Bug 1206227 for CVE-2022-23476", url: "https://bugzilla.suse.com/1206227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-23476", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, { cve: "CVE-2022-34169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34169", }, ], notes: [ { category: "general", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34169", url: "https://www.suse.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "SUSE Bug 1201684 for CVE-2022-34169", url: "https://bugzilla.suse.com/1201684", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-34169", url: "https://bugzilla.suse.com/1202427", }, { category: "external", summary: "SUSE Bug 1207688 for CVE-2022-34169", url: "https://bugzilla.suse.com/1207688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2023-29469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-29469", }, ], notes: [ { category: "general", text: "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-29469", url: "https://www.suse.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "SUSE Bug 1210412 for CVE-2023-29469", url: "https://bugzilla.suse.com/1210412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-29469", }, ], }
opensuse-su-2024:14174-1
Vulnerability from csaf_opensuse
Published
2024-07-12 00:00
Modified
2024-07-12 00:00
Summary
ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media
Notes
Title of the patch
ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media
Description of the patch
These are all security issues fixed in the ruby3.3-rubygem-nokogiri-1.15.5-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14174
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.3-rubygem-nokogiri-1.15.5-1.5 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14174", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14174-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-23476 page", url: "https://www.suse.com/security/cve/CVE-2022-23476/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, { category: "self", summary: "SUSE CVE CVE-2022-34169 page", url: "https://www.suse.com/security/cve/CVE-2022-34169/", }, { category: "self", summary: "SUSE CVE CVE-2023-29469 page", url: "https://www.suse.com/security/cve/CVE-2023-29469/", }, ], title: "ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media", tracking: { current_release_date: "2024-07-12T00:00:00Z", generator: { date: "2024-07-12T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14174-1", initial_release_date: "2024-07-12T00:00:00Z", revision_history: [ { date: "2024-07-12T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-23476", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23476", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23476", url: "https://www.suse.com/security/cve/CVE-2022-23476", }, { category: "external", summary: "SUSE Bug 1206227 for CVE-2022-23476", url: "https://bugzilla.suse.com/1206227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-23476", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, { cve: "CVE-2022-34169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34169", }, ], notes: [ { category: "general", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34169", url: "https://www.suse.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "SUSE Bug 1201684 for CVE-2022-34169", url: "https://bugzilla.suse.com/1201684", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-34169", url: "https://bugzilla.suse.com/1202427", }, { category: "external", summary: "SUSE Bug 1207688 for CVE-2022-34169", url: "https://bugzilla.suse.com/1207688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2023-29469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-29469", }, ], notes: [ { category: "general", text: "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-29469", url: "https://www.suse.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "SUSE Bug 1210412 for CVE-2023-29469", url: "https://bugzilla.suse.com/1210412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-29469", }, ], }
opensuse-su-2024:11340-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media
Notes
Title of the patch
ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media
Description of the patch
These are all security issues fixed in the ruby2.7-rubygem-nokogiri-1.12.3-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11340
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby2.7-rubygem-nokogiri-1.12.3-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11340", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11340-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, ], title: "ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11340-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, ], }
opensuse-su-2024:13165-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media
Notes
Title of the patch
ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media
Description of the patch
These are all security issues fixed in the ruby3.2-rubygem-nokogiri-1.13.9-1.7 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13165
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.2-rubygem-nokogiri-1.13.9-1.7 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13165", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13165-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, ], title: "ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13165-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, ], }
opensuse-su-2024:10192-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libxml2-2-2.9.4-1.22 on GA media
Notes
Title of the patch
libxml2-2-2.9.4-1.22 on GA media
Description of the patch
These are all security issues fixed in the libxml2-2-2.9.4-1.22 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10192
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libxml2-2-2.9.4-1.22 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libxml2-2-2.9.4-1.22 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10192", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10192-1.json", }, { category: "self", summary: "SUSE CVE CVE-2008-4225 page", url: "https://www.suse.com/security/cve/CVE-2008-4225/", }, { category: "self", summary: "SUSE CVE CVE-2008-4226 page", url: "https://www.suse.com/security/cve/CVE-2008-4226/", }, { category: "self", summary: "SUSE CVE CVE-2008-4409 page", url: "https://www.suse.com/security/cve/CVE-2008-4409/", }, { category: "self", summary: "SUSE CVE CVE-2010-4494 page", url: "https://www.suse.com/security/cve/CVE-2010-4494/", }, { category: "self", summary: "SUSE CVE CVE-2011-1944 page", url: "https://www.suse.com/security/cve/CVE-2011-1944/", }, { category: "self", summary: "SUSE CVE CVE-2012-5134 page", url: "https://www.suse.com/security/cve/CVE-2012-5134/", }, { category: "self", summary: "SUSE CVE CVE-2013-0338 page", url: "https://www.suse.com/security/cve/CVE-2013-0338/", }, { category: "self", summary: "SUSE CVE CVE-2013-1969 page", url: "https://www.suse.com/security/cve/CVE-2013-1969/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2014-3660 page", url: "https://www.suse.com/security/cve/CVE-2014-3660/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2016-1762 page", url: "https://www.suse.com/security/cve/CVE-2016-1762/", }, { category: "self", summary: "SUSE CVE CVE-2016-1833 page", url: "https://www.suse.com/security/cve/CVE-2016-1833/", }, { category: "self", summary: "SUSE CVE CVE-2016-1834 page", url: "https://www.suse.com/security/cve/CVE-2016-1834/", }, { category: "self", summary: "SUSE CVE CVE-2016-1835 page", url: "https://www.suse.com/security/cve/CVE-2016-1835/", }, { category: "self", summary: "SUSE CVE CVE-2016-1836 page", url: "https://www.suse.com/security/cve/CVE-2016-1836/", }, { category: "self", summary: "SUSE CVE CVE-2016-1837 page", url: "https://www.suse.com/security/cve/CVE-2016-1837/", }, { category: "self", summary: "SUSE CVE CVE-2016-1838 page", url: "https://www.suse.com/security/cve/CVE-2016-1838/", }, { category: "self", summary: "SUSE CVE CVE-2016-1839 page", url: "https://www.suse.com/security/cve/CVE-2016-1839/", }, { category: "self", summary: "SUSE CVE CVE-2016-1840 page", url: "https://www.suse.com/security/cve/CVE-2016-1840/", }, { category: "self", summary: "SUSE CVE CVE-2016-3627 page", url: "https://www.suse.com/security/cve/CVE-2016-3627/", }, { category: "self", summary: "SUSE CVE CVE-2016-3705 page", url: "https://www.suse.com/security/cve/CVE-2016-3705/", }, { category: "self", summary: "SUSE CVE CVE-2016-4483 page", url: "https://www.suse.com/security/cve/CVE-2016-4483/", }, ], title: "libxml2-2-2.9.4-1.22 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10192-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libxml2-2-2.9.4-1.22.aarch64", product: { name: "libxml2-2-2.9.4-1.22.aarch64", product_id: "libxml2-2-2.9.4-1.22.aarch64", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.4-1.22.aarch64", product: { name: "libxml2-2-32bit-2.9.4-1.22.aarch64", product_id: "libxml2-2-32bit-2.9.4-1.22.aarch64", }, }, { category: "product_version", name: "libxml2-devel-2.9.4-1.22.aarch64", product: { name: "libxml2-devel-2.9.4-1.22.aarch64", product_id: "libxml2-devel-2.9.4-1.22.aarch64", }, }, { category: "product_version", name: "libxml2-devel-32bit-2.9.4-1.22.aarch64", product: { name: "libxml2-devel-32bit-2.9.4-1.22.aarch64", product_id: "libxml2-devel-32bit-2.9.4-1.22.aarch64", }, }, { category: "product_version", name: "libxml2-doc-2.9.4-1.22.aarch64", product: { name: "libxml2-doc-2.9.4-1.22.aarch64", product_id: "libxml2-doc-2.9.4-1.22.aarch64", }, }, { category: "product_version", name: "libxml2-tools-2.9.4-1.22.aarch64", product: { name: "libxml2-tools-2.9.4-1.22.aarch64", product_id: "libxml2-tools-2.9.4-1.22.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-2-2.9.4-1.22.ppc64le", product: { name: "libxml2-2-2.9.4-1.22.ppc64le", product_id: "libxml2-2-2.9.4-1.22.ppc64le", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.4-1.22.ppc64le", product: { name: "libxml2-2-32bit-2.9.4-1.22.ppc64le", product_id: "libxml2-2-32bit-2.9.4-1.22.ppc64le", }, }, { category: "product_version", name: "libxml2-devel-2.9.4-1.22.ppc64le", product: { name: "libxml2-devel-2.9.4-1.22.ppc64le", product_id: "libxml2-devel-2.9.4-1.22.ppc64le", }, }, { category: "product_version", name: "libxml2-devel-32bit-2.9.4-1.22.ppc64le", product: { name: "libxml2-devel-32bit-2.9.4-1.22.ppc64le", product_id: "libxml2-devel-32bit-2.9.4-1.22.ppc64le", }, }, { category: "product_version", name: "libxml2-doc-2.9.4-1.22.ppc64le", product: { name: "libxml2-doc-2.9.4-1.22.ppc64le", product_id: "libxml2-doc-2.9.4-1.22.ppc64le", }, }, { category: "product_version", name: "libxml2-tools-2.9.4-1.22.ppc64le", product: { name: "libxml2-tools-2.9.4-1.22.ppc64le", product_id: "libxml2-tools-2.9.4-1.22.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-2-2.9.4-1.22.s390x", product: { name: "libxml2-2-2.9.4-1.22.s390x", product_id: "libxml2-2-2.9.4-1.22.s390x", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.4-1.22.s390x", product: { name: "libxml2-2-32bit-2.9.4-1.22.s390x", product_id: "libxml2-2-32bit-2.9.4-1.22.s390x", }, }, { category: "product_version", name: "libxml2-devel-2.9.4-1.22.s390x", product: { name: "libxml2-devel-2.9.4-1.22.s390x", product_id: "libxml2-devel-2.9.4-1.22.s390x", }, }, { category: "product_version", name: "libxml2-devel-32bit-2.9.4-1.22.s390x", product: { name: "libxml2-devel-32bit-2.9.4-1.22.s390x", product_id: "libxml2-devel-32bit-2.9.4-1.22.s390x", }, }, { category: "product_version", name: "libxml2-doc-2.9.4-1.22.s390x", product: { name: "libxml2-doc-2.9.4-1.22.s390x", product_id: "libxml2-doc-2.9.4-1.22.s390x", }, }, { category: "product_version", name: "libxml2-tools-2.9.4-1.22.s390x", product: { name: "libxml2-tools-2.9.4-1.22.s390x", product_id: "libxml2-tools-2.9.4-1.22.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-2-2.9.4-1.22.x86_64", product: { name: "libxml2-2-2.9.4-1.22.x86_64", product_id: "libxml2-2-2.9.4-1.22.x86_64", }, }, { category: "product_version", name: "libxml2-2-32bit-2.9.4-1.22.x86_64", product: { name: "libxml2-2-32bit-2.9.4-1.22.x86_64", product_id: "libxml2-2-32bit-2.9.4-1.22.x86_64", }, }, { category: "product_version", name: "libxml2-devel-2.9.4-1.22.x86_64", product: { name: "libxml2-devel-2.9.4-1.22.x86_64", product_id: "libxml2-devel-2.9.4-1.22.x86_64", }, }, { category: "product_version", name: "libxml2-devel-32bit-2.9.4-1.22.x86_64", product: { name: "libxml2-devel-32bit-2.9.4-1.22.x86_64", product_id: "libxml2-devel-32bit-2.9.4-1.22.x86_64", }, }, { category: "product_version", name: "libxml2-doc-2.9.4-1.22.x86_64", product: { name: "libxml2-doc-2.9.4-1.22.x86_64", product_id: "libxml2-doc-2.9.4-1.22.x86_64", }, }, { category: "product_version", name: "libxml2-tools-2.9.4-1.22.x86_64", product: { name: "libxml2-tools-2.9.4-1.22.x86_64", product_id: "libxml2-tools-2.9.4-1.22.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", }, product_reference: "libxml2-2-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-2-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", }, product_reference: "libxml2-2-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", }, product_reference: "libxml2-2-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", }, product_reference: "libxml2-2-32bit-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-2-32bit-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", }, product_reference: "libxml2-2-32bit-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-2-32bit-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", }, product_reference: "libxml2-2-32bit-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", }, product_reference: "libxml2-devel-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-devel-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", }, product_reference: "libxml2-devel-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", }, product_reference: "libxml2-devel-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-32bit-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", }, product_reference: "libxml2-devel-32bit-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-32bit-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-devel-32bit-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-32bit-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", }, product_reference: "libxml2-devel-32bit-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-32bit-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", }, product_reference: "libxml2-devel-32bit-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", }, product_reference: "libxml2-doc-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-doc-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", }, product_reference: "libxml2-doc-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-doc-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", }, product_reference: "libxml2-doc-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.4-1.22.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", }, product_reference: "libxml2-tools-2.9.4-1.22.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.4-1.22.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", }, product_reference: "libxml2-tools-2.9.4-1.22.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.4-1.22.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", }, product_reference: "libxml2-tools-2.9.4-1.22.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxml2-tools-2.9.4-1.22.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", }, product_reference: "libxml2-tools-2.9.4-1.22.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2008-4225", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-4225", }, ], notes: [ { category: "general", text: "Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-4225", url: "https://www.suse.com/security/cve/CVE-2008-4225", }, { category: "external", summary: "SUSE Bug 445677 for CVE-2008-4225", url: "https://bugzilla.suse.com/445677", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2008-4225", }, { cve: "CVE-2008-4226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-4226", }, ], notes: [ { category: "general", text: "Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-4226", url: "https://www.suse.com/security/cve/CVE-2008-4226", }, { category: "external", summary: "SUSE Bug 441368 for CVE-2008-4226", url: "https://bugzilla.suse.com/441368", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2008-4226", }, { cve: "CVE-2008-4409", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-4409", }, ], notes: [ { category: "general", text: "libxml2 2.7.0 and 2.7.1 does not properly handle \"predefined entities definitions\" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-4409", url: "https://www.suse.com/security/cve/CVE-2008-4409", }, { category: "external", summary: "SUSE Bug 432486 for CVE-2008-4409", url: "https://bugzilla.suse.com/432486", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2008-4409", }, { cve: "CVE-2010-4494", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4494", }, ], notes: [ { category: "general", text: "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4494", url: "https://www.suse.com/security/cve/CVE-2010-4494", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2010-4494", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 661471 for CVE-2010-4494", url: "https://bugzilla.suse.com/661471", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2010-4494", }, { cve: "CVE-2011-1944", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1944", }, ], notes: [ { category: "general", text: "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1944", url: "https://www.suse.com/security/cve/CVE-2011-1944", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2011-1944", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 697372 for CVE-2011-1944", url: "https://bugzilla.suse.com/697372", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2011-1944", }, { cve: "CVE-2012-5134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5134", }, ], notes: [ { category: "general", text: "Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5134", url: "https://www.suse.com/security/cve/CVE-2012-5134", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2012-5134", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 791234 for CVE-2012-5134", url: "https://bugzilla.suse.com/791234", }, { category: "external", summary: "SUSE Bug 793334 for CVE-2012-5134", url: "https://bugzilla.suse.com/793334", }, { category: "external", summary: "SUSE Bug 795039 for CVE-2012-5134", url: "https://bugzilla.suse.com/795039", }, { category: "external", summary: "SUSE Bug 804033 for CVE-2012-5134", url: "https://bugzilla.suse.com/804033", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-5134", }, { cve: "CVE-2013-0338", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-0338", }, ], notes: [ { category: "general", text: "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-0338", url: "https://www.suse.com/security/cve/CVE-2013-0338", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-0338", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 805233 for CVE-2013-0338", url: "https://bugzilla.suse.com/805233", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-0338", }, { cve: "CVE-2013-1969", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1969", }, ], notes: [ { category: "general", text: "Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1969", url: "https://www.suse.com/security/cve/CVE-2013-1969", }, { category: "external", summary: "SUSE Bug 815665 for CVE-2013-1969", url: "https://bugzilla.suse.com/815665", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2013-1969", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2014-3660", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3660", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3660", url: "https://www.suse.com/security/cve/CVE-2014-3660", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-3660", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 901546 for CVE-2014-3660", url: "https://bugzilla.suse.com/901546", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3660", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2016-1762", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1762", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1762", url: "https://www.suse.com/security/cve/CVE-2016-1762", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1762", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981040 for CVE-2016-1762", url: "https://bugzilla.suse.com/981040", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1762", }, { cve: "CVE-2016-1833", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1833", }, ], notes: [ { category: "general", text: "The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1833", url: "https://www.suse.com/security/cve/CVE-2016-1833", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1833", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981108 for CVE-2016-1833", url: "https://bugzilla.suse.com/981108", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1833", }, { cve: "CVE-2016-1834", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1834", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1834", url: "https://www.suse.com/security/cve/CVE-2016-1834", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1834", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981041 for CVE-2016-1834", url: "https://bugzilla.suse.com/981041", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1834", }, { cve: "CVE-2016-1835", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1835", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1835", url: "https://www.suse.com/security/cve/CVE-2016-1835", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1835", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981109 for CVE-2016-1835", url: "https://bugzilla.suse.com/981109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1835", }, { cve: "CVE-2016-1836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1836", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1836", url: "https://www.suse.com/security/cve/CVE-2016-1836", }, { category: "external", summary: "SUSE Bug 1174862 for CVE-2016-1836", url: "https://bugzilla.suse.com/1174862", }, { category: "external", summary: "SUSE Bug 981110 for CVE-2016-1836", url: "https://bugzilla.suse.com/981110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1836", }, { cve: "CVE-2016-1837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1837", }, ], notes: [ { category: "general", text: "Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1837", url: "https://www.suse.com/security/cve/CVE-2016-1837", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1837", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981111 for CVE-2016-1837", url: "https://bugzilla.suse.com/981111", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1837", }, { cve: "CVE-2016-1838", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1838", }, ], notes: [ { category: "general", text: "The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1838", url: "https://www.suse.com/security/cve/CVE-2016-1838", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1838", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981112 for CVE-2016-1838", url: "https://bugzilla.suse.com/981112", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1838", }, { cve: "CVE-2016-1839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1839", }, ], notes: [ { category: "general", text: "The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1839", url: "https://www.suse.com/security/cve/CVE-2016-1839", }, { category: "external", summary: "SUSE Bug 1039069 for CVE-2016-1839", url: "https://bugzilla.suse.com/1039069", }, { category: "external", summary: "SUSE Bug 1039661 for CVE-2016-1839", url: "https://bugzilla.suse.com/1039661", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-1839", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1069690 for CVE-2016-1839", url: "https://bugzilla.suse.com/1069690", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1839", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 963963 for CVE-2016-1839", url: "https://bugzilla.suse.com/963963", }, { category: "external", summary: "SUSE Bug 981114 for CVE-2016-1839", url: "https://bugzilla.suse.com/981114", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1839", }, { cve: "CVE-2016-1840", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1840", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1840", url: "https://www.suse.com/security/cve/CVE-2016-1840", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-1840", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 981115 for CVE-2016-1840", url: "https://bugzilla.suse.com/981115", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-1840", }, { cve: "CVE-2016-3627", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3627", }, ], notes: [ { category: "general", text: "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3627", url: "https://www.suse.com/security/cve/CVE-2016-3627", }, { category: "external", summary: "SUSE Bug 1026099 for CVE-2016-3627", url: "https://bugzilla.suse.com/1026099", }, { category: "external", summary: "SUSE Bug 1026101 for CVE-2016-3627", url: "https://bugzilla.suse.com/1026101", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-3627", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 972335 for CVE-2016-3627", url: "https://bugzilla.suse.com/972335", }, { category: "external", summary: "SUSE Bug 975947 for CVE-2016-3627", url: "https://bugzilla.suse.com/975947", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-3627", }, { cve: "CVE-2016-3705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3705", }, ], notes: [ { category: "general", text: "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3705", url: "https://www.suse.com/security/cve/CVE-2016-3705", }, { category: "external", summary: "SUSE Bug 1017497 for CVE-2016-3705", url: "https://bugzilla.suse.com/1017497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-3705", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 975947 for CVE-2016-3705", url: "https://bugzilla.suse.com/975947", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-3705", }, { cve: "CVE-2016-4483", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4483", }, ], notes: [ { category: "general", text: "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4483", url: "https://www.suse.com/security/cve/CVE-2016-4483", }, { category: "external", summary: "SUSE Bug 1026101 for CVE-2016-4483", url: "https://bugzilla.suse.com/1026101", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4483", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 978395 for CVE-2016-4483", url: "https://bugzilla.suse.com/978395", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-2-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-devel-32bit-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-doc-2.9.4-1.22.x86_64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.aarch64", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.ppc64le", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.s390x", "openSUSE Tumbleweed:libxml2-tools-2.9.4-1.22.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-4483", }, ], }
opensuse-su-2024:11912-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-nokogiri-1.13.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11912
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.1-rubygem-nokogiri-1.13.3-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11912", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11912-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, ], title: "ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11912-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, ], }
gsd-2015-8035
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-8035", description: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", id: "GSD-2015-8035", references: [ "https://www.suse.com/security/cve/CVE-2015-8035.html", "https://www.debian.org/security/2015/dsa-3430", "https://access.redhat.com/errata/RHBA-2020:1540", "https://access.redhat.com/errata/RHBA-2020:1539", "https://access.redhat.com/errata/RHSA-2020:1190", "https://access.redhat.com/errata/RHSA-2016:1089", "https://ubuntu.com/security/CVE-2015-8035", "https://advisories.mageia.org/CVE-2015-8035.html", "https://alas.aws.amazon.com/cve/html/CVE-2015-8035.html", "https://linux.oracle.com/cve/CVE-2015-8035.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-8035", ], details: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", id: "GSD-2015-8035", modified: "2023-12-13T01:20:02.931962Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8035", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "APPLE-SA-2016-03-21-5", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "openSUSE-SU-2016:0106", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { name: "https://support.apple.com/HT206167", refsource: "CONFIRM", url: "https://support.apple.com/HT206167", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", url: "https://support.apple.com/HT206168", }, { name: "DSA-3430", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3430", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { name: "APPLE-SA-2016-03-21-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { name: "http://xmlsoft.org/news.html", refsource: "CONFIRM", url: "http://xmlsoft.org/news.html", }, { name: "FEDORA-2016-a9ee80b01d", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2016:1089", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "1034243", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034243", }, { name: "USN-2812-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2812-1", }, { name: "[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { name: "FEDORA-2016-189a7bf68c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { name: "[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { name: "GLSA-201701-37", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-37", }, { name: "77390", refsource: "BID", url: "http://www.securityfocus.com/bid/77390", }, { name: "openSUSE-SU-2015:2372", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { name: "APPLE-SA-2016-03-21-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { name: "https://support.apple.com/HT206169", refsource: "CONFIRM", url: "https://support.apple.com/HT206169", }, { name: "https://support.apple.com/HT206166", refsource: "CONFIRM", url: "https://support.apple.com/HT206166", }, { name: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", refsource: "CONFIRM", url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[2.9.1]", affected_versions: "Version 2.9.1", cvss_v2: "AV:N/AC:H/Au:N/C:N/I:N/A:P", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2019-03-08", description: "The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", fixed_versions: [], identifier: "CVE-2015-8035", identifiers: [ "CVE-2015-8035", ], not_impacted: "", package_slug: "nuget/libxml2", pubdate: "2015-11-18", solution: "Unfortunately, there is no solution available yet.", title: "Uncontrolled Resource Consumption", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", ], uuid: "44427165-f1f3-46ac-926e-2c37ec1dfd38", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.11.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8035", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-399", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { name: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", refsource: "CONFIRM", tags: [ "Exploit", ], url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { name: "USN-2812-1", refsource: "UBUNTU", tags: [], url: "http://www.ubuntu.com/usn/USN-2812-1", }, { name: "[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { name: "[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { name: "http://xmlsoft.org/news.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://xmlsoft.org/news.html", }, { name: "https://support.apple.com/HT206166", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT206166", }, { name: "https://support.apple.com/HT206169", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT206169", }, { name: "APPLE-SA-2016-03-21-1", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT206168", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "APPLE-SA-2016-03-21-3", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { name: "https://support.apple.com/HT206167", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT206167", }, { name: "APPLE-SA-2016-03-21-5", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "DSA-3430", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2015/dsa-3430", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", tags: [], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", tags: [], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "77390", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/77390", }, { name: "RHSA-2016:1089", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { name: "FEDORA-2016-a9ee80b01d", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { name: "FEDORA-2016-189a7bf68c", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { name: "openSUSE-SU-2015:2372", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { name: "openSUSE-SU-2016:0106", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { name: "GLSA-201701-37", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201701-37", }, { name: "1034243", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1034243", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: true, }, }, lastModifiedDate: "2019-03-08T16:06Z", publishedDate: "2015-11-18T16:59Z", }, }, }
fkie_cve-2015-8035
Vulnerability from fkie_nvd
Published
2015-11-18 16:59
Modified
2024-11-21 02:37
Severity ?
Summary
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "F1C1561E-1CEA-490B-B0C4-D33AA6340E24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "080450EA-85C1-454D-98F9-5286D69CF237", versionEndIncluding: "9.2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", versionEndIncluding: "10.11.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A", versionEndIncluding: "9.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "FBF14807-BA21-480B-9ED0-A6D53352E87F", versionEndIncluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", }, { lang: "es", value: "La función xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresión, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cuelgue del proceso) a través de datos XML manipulados.", }, ], id: "CVE-2015-8035", lastModified: "2024-11-21T02:37:53.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-18T16:59:09.883", references: [ { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3430", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/77390", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1034243", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2812-1", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://xmlsoft.org/news.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { source: "cve@mitre.org", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { source: "cve@mitre.org", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201701-37", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT206166", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT206167", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT206168", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT206169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034243", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2812-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://xmlsoft.org/news.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201701-37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT206166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT206167", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT206168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT206169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-cprg-r8c2-9m62
Vulnerability from github
Published
2022-05-14 01:23
Modified
2022-05-14 01:23
Details
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
{ affected: [], aliases: [ "CVE-2015-8035", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2015-11-18T16:59:00Z", severity: "LOW", }, details: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", id: "GHSA-cprg-r8c2-9m62", modified: "2022-05-14T01:23:19Z", published: "2022-05-14T01:23:19Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8035", }, { type: "WEB", url: "https://bugzilla.gnome.org/show_bug.cgi?id=757466", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201701-37", }, { type: "WEB", url: "https://support.apple.com/HT206166", }, { type: "WEB", url: "https://support.apple.com/HT206167", }, { type: "WEB", url: "https://support.apple.com/HT206168", }, { type: "WEB", url: "https://support.apple.com/HT206169", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html", }, { type: "WEB", url: "http://www.debian.org/security/2015/dsa-3430", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/11/02/2", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/11/02/4", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/11/03/1", }, { type: "WEB", url: "http://www.securityfocus.com/bid/77390", }, { type: "WEB", url: "http://www.securitytracker.com/id/1034243", }, { type: "WEB", url: "http://www.ubuntu.com/usn/USN-2812-1", }, { type: "WEB", url: "http://xmlsoft.org/news.html", }, ], schema_version: "1.4.0", severity: [], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.