Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0681-1 Final 1 1 2020-05-22T16:17:02Z current 2020-05-22T16:17:02Z 2020-05-22T16:17:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-681 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75OUBX7RPPAARGW2FKOWVC52NVIH42S5/ E-Mail link for openSUSE-SU-2020:0681-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1159928 SUSE Bug 1159928 https://bugzilla.suse.com/1161517 SUSE Bug 1161517 https://bugzilla.suse.com/1161521 SUSE Bug 1161521 https://www.suse.com/security/cve/CVE-2019-19956/ SUSE CVE CVE-2019-19956 page https://www.suse.com/security/cve/CVE-2019-20388/ SUSE CVE CVE-2019-20388 page https://www.suse.com/security/cve/CVE-2020-7595/ SUSE CVE CVE-2020-7595 page openSUSE Leap 15.1 libxml2-2-2.9.7-lp151.5.9.1 libxml2-2-32bit-2.9.7-lp151.5.9.1 libxml2-devel-2.9.7-lp151.5.9.1 libxml2-devel-32bit-2.9.7-lp151.5.9.1 libxml2-doc-2.9.7-lp151.5.9.1 libxml2-tools-2.9.7-lp151.5.9.1 python2-libxml2-python-2.9.7-lp151.5.9.1 python3-libxml2-python-2.9.7-lp151.5.9.1 libxml2-2-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 libxml2-2-32bit-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 libxml2-devel-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 libxml2-devel-32bit-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 libxml2-doc-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 libxml2-tools-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 python2-libxml2-python-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 python3-libxml2-python-2.9.7-lp151.5.9.1 as a component of openSUSE Leap 15.1 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. CVE-2019-19956 openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-doc-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-tools-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python2-libxml2-python-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python3-libxml2-python-2.9.7-lp151.5.9.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75OUBX7RPPAARGW2FKOWVC52NVIH42S5/ https://www.suse.com/security/cve/CVE-2019-19956.html CVE-2019-19956 https://bugzilla.suse.com/1159928 SUSE Bug 1159928 https://bugzilla.suse.com/1191860 SUSE Bug 1191860 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2019-20388 openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-doc-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-tools-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python2-libxml2-python-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python3-libxml2-python-2.9.7-lp151.5.9.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75OUBX7RPPAARGW2FKOWVC52NVIH42S5/ https://www.suse.com/security/cve/CVE-2019-20388.html CVE-2019-20388 https://bugzilla.suse.com/1161521 SUSE Bug 1161521 https://bugzilla.suse.com/1191860 SUSE Bug 1191860 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-7595 openSUSE Leap 15.1:libxml2-2-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-2-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-devel-32bit-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-doc-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:libxml2-tools-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python2-libxml2-python-2.9.7-lp151.5.9.1 openSUSE Leap 15.1:python3-libxml2-python-2.9.7-lp151.5.9.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75OUBX7RPPAARGW2FKOWVC52NVIH42S5/ https://www.suse.com/security/cve/CVE-2020-7595.html CVE-2020-7595 https://bugzilla.suse.com/1161517 SUSE Bug 1161517 https://bugzilla.suse.com/1191860 SUSE Bug 1191860