Upstream information

CVE-2008-4226 at MITRE

Description

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 10.00
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 441368 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libxml2-2 >= 2.9.1-6.2
  • libxml2-2-32bit >= 2.9.1-6.2
  • libxml2-tools >= 2.9.1-6.2
  • python-libxml2 >= 2.9.1-6.2
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libxml2-2
SUSE Linux Enterprise Desktop 12 GA python-libxml2
SUSE Linux Enterprise Desktop 12 SP1
  • libxml2-2 >= 2.9.1-10.1
  • libxml2-2-32bit >= 2.9.1-10.1
  • libxml2-tools >= 2.9.1-10.1
  • python-libxml2 >= 2.9.1-10.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libxml2-2
SUSE Linux Enterprise Desktop 12 SP1 GA python-libxml2
SUSE Linux Enterprise Desktop 12 SP2
  • libxml2-2 >= 2.9.4-27.1
  • libxml2-2-32bit >= 2.9.4-27.1
  • libxml2-tools >= 2.9.4-27.1
  • python-libxml2 >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libxml2-2
SUSE Linux Enterprise Desktop 12 SP2 GA python-libxml2
SUSE Linux Enterprise Server 12 SP2
  • libxml2-2 >= 2.9.4-27.1
  • libxml2-2-32bit >= 2.9.4-27.1
  • libxml2-doc >= 2.9.4-27.1
  • libxml2-tools >= 2.9.4-27.1
  • python-libxml2 >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libxml2-2
SUSE Linux Enterprise Server 12 SP2 GA python-libxml2
Novell Linux Desktop 9 for x86
  • libxml2 >= 2.6.7-28.16
sles9-nld.x86-64
sles9-nld.x86
YOU Patch Nr: 12287
Novell Linux Desktop 9 for x86_64
  • libxml2 >= 2.6.7-28.16
  • libxml2-32bit >= 9-200811071633
sles9-nld.x86-64
sles9-nld.x86
YOU Patch Nr: 12287
openSUSE 11.0
  • libxml2-debuginfo >= 2.6.32-11.5
  • libxml2-debugsource >= 2.6.32-11.5
openSUSE 11.0
  • libxml2 >= 2.6.32-11.5
  • libxml2-32bit >= 2.6.32-11.5
  • libxml2-64bit >= 2.6.32-11.5
  • libxml2-devel >= 2.6.32-11.5
  • libxml2-devel-32bit >= 2.6.32-11.5
  • libxml2-devel-64bit >= 2.6.32-11.5
  • libxml2-doc >= 2.6.32-11.5
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • libxml2 >= 2.6.7-28.16
  • libxml2-devel >= 2.6.7-28.16
core9.ppc
core9.s390
sles9-nlpos.x86
sles9-nld.x86-64
sles9-nld.x86
core9.x86
sles9-oes.x86
core9.s390x
core9.x86-64
core9.ia64
YOU Patch Nr: 12286
Novell Linux Desktop 9 for x86_64
  • libxml2 >= 2.6.7-28.16
  • libxml2-32bit >= 9-200811071633
  • libxml2-devel >= 2.6.7-28.16
core9.ppc
core9.s390
sles9-nlpos.x86
sles9-nld.x86-64
sles9-nld.x86
core9.x86
sles9-oes.x86
core9.s390x
core9.x86-64
core9.ia64
YOU Patch Nr: 12286
openSUSE 13.2
  • libxml2-2 >= 2.9.1-7.2.1
  • libxml2-2-32bit >= 2.9.1-7.2.1
  • libxml2-devel >= 2.9.1-7.2.1
  • libxml2-tools >= 2.9.1-7.2.1
  • python-libxml2 >= 2.9.1-7.2.1
Patchnames:
openSUSE 13.2 GA libxml2-2
openSUSE 13.2 GA python-libxml2
openSUSE Leap 42.1
  • libxml2-2 >= 2.9.1-8.1
  • libxml2-2-32bit >= 2.9.1-8.1
  • libxml2-devel >= 2.9.1-8.1
  • libxml2-tools >= 2.9.1-8.1
  • python-libxml2 >= 2.9.1-8.1
Patchnames:
openSUSE Leap 42.1 GA libxml2-2
openSUSE Leap 42.1 GA python-libxml2
openSUSE Leap 42.2
  • libxml2-2 >= 2.9.4-1.4
  • libxml2-2-32bit >= 2.9.4-1.4
  • libxml2-devel >= 2.9.4-1.4
  • libxml2-tools >= 2.9.4-1.4
  • python-libxml2 >= 2.9.4-1.3
Patchnames:
openSUSE Leap 42.2 GA libxml2-2
openSUSE Leap 42.2 GA python-libxml2