Upstream information

CVE-2007-6284 at MITRE

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 349151 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libxml2 >= 2.7.6-0.1.37
  • libxml2-32bit >= 2.7.6-0.1.37
  • libxml2-doc >= 2.7.6-0.1.37
  • libxml2-x86 >= 2.7.6-0.1.37
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libxml2
SUSE Linux Enterprise Server 11 SP2
  • libxml2 >= 2.7.6-0.13.1
  • libxml2-32bit >= 2.7.6-0.13.1
  • libxml2-doc >= 2.7.6-0.13.1
  • libxml2-x86 >= 2.7.6-0.13.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libxml2
SUSE Linux Enterprise Server 11 SP3
  • libxml2 >= 2.7.6-0.23.1
  • libxml2-32bit >= 2.7.6-0.23.1
  • libxml2-doc >= 2.7.6-0.23.1
  • libxml2-x86 >= 2.7.6-0.23.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libxml2
SUSE Linux Enterprise Server 11 SP4
  • libxml2 >= 2.7.6-0.31.1
  • libxml2-32bit >= 2.7.6-0.31.1
  • libxml2-doc >= 2.7.6-0.31.1
  • libxml2-x86 >= 2.7.6-0.31.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libxml2
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libxml2-devel >= 2.7.6-0.31.1
  • libxml2-devel-32bit >= 2.7.6-0.31.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libxml2-devel
SUSE LINUX 10.1
  • libxml2 >= 2.6.23-15.7.3
  • libxml2-32bit >= 2.6.23-15.7.3
  • libxml2-64bit >= 2.6.23-15.7.3
  • libxml2-devel >= 2.6.23-15.7.3
  • libxml2-devel-32bit >= 2.6.23-15.7.3
  • libxml2-devel-64bit >= 2.6.23-15.7.3
  • libxml2-python >= 2.6.23-15.5.3
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • libxml2-python >= 2.6.7-46.11
core9.s390
core9.x86
sled10.x86
core9.s390
sles9-nlpos.x86
sles10.s390x
ZYPP Patch Nr: 4840
Novell Linux Desktop 9 for x86
  • libxml2 >= 2.6.7-28.11
  • libxml2-devel >= 2.6.7-28.11
  • libxml2-python >= 2.6.7-46.11
core9.s390
core9.x86
sled10.x86
core9.s390
sles9-nlpos.x86
sles10.s390x
ZYPP Patch Nr: 4840
Novell Linux Desktop 9 for x86_64
  • libxml2 >= 2.6.7-28.11
  • libxml2-32bit >= 9-200712191220
  • libxml2-devel >= 2.6.7-28.11
  • libxml2-python >= 2.6.7-46.11
core9.s390
core9.x86
sled10.x86
core9.s390
sles9-nlpos.x86
sles10.s390x
ZYPP Patch Nr: 4840
Open Enterprise Server
  • libxml2 >= 2.6.7-28.11
  • libxml2-devel >= 2.6.7-28.11
core9.s390
core9.x86
sled10.x86
core9.s390
sles9-nlpos.x86
sles10.s390x
ZYPP Patch Nr: 4840