vulnerability
SUSE: CVE-2016-4658: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Sep 25, 2016 | Oct 26, 2016 | Feb 4, 2022 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Sep 25, 2016
Added
Oct 26, 2016
Modified
Feb 4, 2022
Description
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
Solutions
suse-upgrade-libxml2suse-upgrade-libxml2-2suse-upgrade-libxml2-2-32bitsuse-upgrade-libxml2-32bitsuse-upgrade-libxml2-develsuse-upgrade-libxml2-devel-32bitsuse-upgrade-libxml2-docsuse-upgrade-libxml2-pythonsuse-upgrade-libxml2-toolssuse-upgrade-libxml2-x86suse-upgrade-python-libxml2suse-upgrade-python2-libxml2-pythonsuse-upgrade-python3-libxml2-pythonsuse-upgrade-ruby2-5-rubygem-nokogirisuse-upgrade-sles12-docker-imagesuse-upgrade-sles12sp1-docker-imagesuse-upgrade-sles12sp2-docker-image
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.