Security update for xerces-c SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:2225-1 Final 1 1 2020-08-13T07:52:59Z current 2020-08-13T07:52:59Z 2020-08-13T07:52:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xerces-c This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-2225,SUSE-OpenStack-Cloud-7-2020-2225,SUSE-OpenStack-Cloud-8-2020-2225,SUSE-OpenStack-Cloud-9-2020-2225,SUSE-OpenStack-Cloud-Crowbar-9-2020-2225,SUSE-SLE-SAP-12-SP2-2020-2225,SUSE-SLE-SAP-12-SP3-2020-2225,SUSE-SLE-SAP-12-SP4-2020-2225,SUSE-SLE-SDK-12-SP5-2020-2225,SUSE-SLE-SERVER-12-SP2-2020-2225,SUSE-SLE-SERVER-12-SP2-BCL-2020-2225,SUSE-SLE-SERVER-12-SP3-2020-2225,SUSE-SLE-SERVER-12-SP3-BCL-2020-2225,SUSE-SLE-SERVER-12-SP4-LTSS-2020-2225,SUSE-SLE-SERVER-12-SP5-2020-2225,SUSE-Storage-5-2020-2225 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20202225-1/ Link for SUSE-SU-2020:2225-1 https://lists.suse.com/pipermail/sle-security-updates/2020-August/007262.html E-Mail link for SUSE-SU-2020:2225-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1083630 SUSE Bug 1083630 https://www.suse.com/security/cve/CVE-2017-12627/ SUSE CVE CVE-2017-12627 page SUSE Enterprise Storage 5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-64bit-3.1.1-13.3.6 libxerces-c-devel-3.1.1-13.3.6 xerces-c-3.1.1-13.3.6 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Enterprise Storage 5 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Enterprise Storage 5 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP5 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server 12 SP5 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libxerces-c-devel-3.1.1-13.3.6 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 7 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 7 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 8 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 8 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 9 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud 9 libxerces-c-3_1-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud Crowbar 9 libxerces-c-3_1-32bit-3.1.1-13.3.6 as a component of SUSE OpenStack Cloud Crowbar 9 In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. CVE-2017-12627 SUSE Enterprise Storage 5:libxerces-c-3_1-3.1.1-13.3.6 SUSE Enterprise Storage 5:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP2-BCL:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP2-BCL:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP2-LTSS:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP2-LTSS:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP3-BCL:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP3-BCL:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP3-LTSS:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP3-LTSS:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP4-LTSS:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP4-LTSS:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-3.1.1-13.3.6 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE Linux Enterprise Software Development Kit 12 SP5:libxerces-c-devel-3.1.1-13.3.6 SUSE OpenStack Cloud 7:libxerces-c-3_1-3.1.1-13.3.6 SUSE OpenStack Cloud 7:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE OpenStack Cloud 8:libxerces-c-3_1-3.1.1-13.3.6 SUSE OpenStack Cloud 8:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE OpenStack Cloud 9:libxerces-c-3_1-3.1.1-13.3.6 SUSE OpenStack Cloud 9:libxerces-c-3_1-32bit-3.1.1-13.3.6 SUSE OpenStack Cloud Crowbar 9:libxerces-c-3_1-3.1.1-13.3.6 SUSE OpenStack Cloud Crowbar 9:libxerces-c-3_1-32bit-3.1.1-13.3.6 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202225-1/ https://www.suse.com/security/cve/CVE-2017-12627.html CVE-2017-12627 https://bugzilla.suse.com/1083630 SUSE Bug 1083630