Upstream information
Description
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 441368 SUSE Security Advisories:- SUSE-SR:2008:026, published Mon, 24 Nov 2008 16:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Novell Linux Desktop 9 for x86 |
| sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12287 |
| Novell Linux Desktop 9 for x86_64 |
| sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12287 |
| openSUSE 11.0 |
| |
| openSUSE 11.0 |
| |
| SUSE CORE 9 for AMD64 and Intel EM64T |
| Builds YOU Patch Nr: 12752 |
| Novell Linux Desktop 9 for x86_64 |
| core9.ppc core9.s390 sles9-nlpos.x86 sles9-nld.x86-64 sles9-nld.x86 core9.x86 sles9-oes.x86 core9.s390x core9.x86-64 core9.ia64 YOU Patch Nr: 12286 |
| Novell Linux Desktop 9 for x86 Open Enterprise Server |
| core9.ppc core9.s390 sles9-nlpos.x86 sles9-nld.x86-64 sles9-nld.x86 core9.x86 sles9-oes.x86 core9.s390x core9.x86-64 core9.ia64 YOU Patch Nr: 12286 |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86 |
| sles10-sp2-debuginfo.ppc sles10-sp2.s390x sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.ppc sles10-sp2-debuginfo.s390x sles10-sp2.ia64 sles10-sp2-debuginfo.x86-64 sles10-sp2-debuginfo.ia64 sled10-sp2.x86-64 sles10-sp2-debuginfo.x86 sles10-sp2.x86-64 ZYPP Patch Nr: 5755 |