Upstream information

CVE-2008-4409 at MITRE

Description

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 432486 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libxml2-2 >= 2.9.1-6.2
  • libxml2-2-32bit >= 2.9.1-6.2
  • libxml2-tools >= 2.9.1-6.2
  • python-libxml2 >= 2.9.1-6.2
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libxml2-2
SUSE Linux Enterprise Desktop 12 GA python-libxml2
SUSE Linux Enterprise Desktop 12 SP1
  • libxml2-2 >= 2.9.1-10.1
  • libxml2-2-32bit >= 2.9.1-10.1
  • libxml2-tools >= 2.9.1-10.1
  • python-libxml2 >= 2.9.1-10.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libxml2-2
SUSE Linux Enterprise Desktop 12 SP1 GA python-libxml2
SUSE Linux Enterprise Desktop 12 SP2
  • libxml2-2 >= 2.9.4-27.1
  • libxml2-2-32bit >= 2.9.4-27.1
  • libxml2-tools >= 2.9.4-27.1
  • python-libxml2 >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libxml2-2
SUSE Linux Enterprise Desktop 12 SP2 GA python-libxml2
SUSE Linux Enterprise Desktop 12 SP3
  • libxml2-2 >= 2.9.4-45.1
  • libxml2-2-32bit >= 2.9.4-45.1
  • libxml2-tools >= 2.9.4-45.1
  • python-libxml2 >= 2.9.4-45.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libxml2-2
SUSE Linux Enterprise Desktop 12 SP3 GA python-libxml2
SUSE Linux Enterprise Module for Basesystem 15
  • libxml2-2 >= 2.9.7-1.30
  • libxml2-2-32bit >= 2.9.7-1.30
  • libxml2-devel >= 2.9.7-1.30
  • libxml2-tools >= 2.9.7-1.30
  • python2-libxml2-python >= 2.9.7-1.30
  • python3-libxml2-python >= 2.9.7-1.30
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libxml2-2
SUSE Linux Enterprise Module for Basesystem 15 GA python2-libxml2-python
SUSE Linux Enterprise Server 11 SP1
  • libxml2 >= 2.7.6-0.1.37
  • libxml2-32bit >= 2.7.6-0.1.37
  • libxml2-doc >= 2.7.6-0.1.37
  • libxml2-x86 >= 2.7.6-0.1.37
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libxml2
SUSE Linux Enterprise Server 11 SP2
  • libxml2 >= 2.7.6-0.13.1
  • libxml2-32bit >= 2.7.6-0.13.1
  • libxml2-doc >= 2.7.6-0.13.1
  • libxml2-x86 >= 2.7.6-0.13.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libxml2
SUSE Linux Enterprise Server 11 SP3
  • libxml2 >= 2.7.6-0.23.1
  • libxml2-32bit >= 2.7.6-0.23.1
  • libxml2-doc >= 2.7.6-0.23.1
  • libxml2-x86 >= 2.7.6-0.23.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libxml2
SUSE Linux Enterprise Server 11 SP4
  • libxml2 >= 2.7.6-0.31.1
  • libxml2-32bit >= 2.7.6-0.31.1
  • libxml2-doc >= 2.7.6-0.31.1
  • libxml2-x86 >= 2.7.6-0.31.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libxml2
SUSE Linux Enterprise Server 12
  • libxml2-2 >= 2.9.1-6.2
  • libxml2-2-32bit >= 2.9.1-6.2
  • libxml2-doc >= 2.9.1-6.2
  • libxml2-tools >= 2.9.1-6.2
  • python-libxml2 >= 2.9.1-6.2
Patchnames:
SUSE Linux Enterprise Server 12 GA libxml2-2
SUSE Linux Enterprise Server 12 GA python-libxml2
SUSE Linux Enterprise Server 12 SP1
  • libxml2-2 >= 2.9.1-10.1
  • libxml2-2-32bit >= 2.9.1-10.1
  • libxml2-doc >= 2.9.1-10.1
  • libxml2-tools >= 2.9.1-10.1
  • python-libxml2 >= 2.9.1-10.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libxml2-2
SUSE Linux Enterprise Server 12 SP1 GA python-libxml2
SUSE Linux Enterprise Server 12 SP2
  • libxml2-2 >= 2.9.4-27.1
  • libxml2-2-32bit >= 2.9.4-27.1
  • libxml2-doc >= 2.9.4-27.1
  • libxml2-tools >= 2.9.4-27.1
  • python-libxml2 >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libxml2-2
SUSE Linux Enterprise Server 12 SP2 GA python-libxml2
SUSE Linux Enterprise Server 12 SP3
  • libxml2-2 >= 2.9.4-45.1
  • libxml2-2-32bit >= 2.9.4-45.1
  • libxml2-doc >= 2.9.4-45.1
  • libxml2-tools >= 2.9.4-45.1
  • python-libxml2 >= 2.9.4-45.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libxml2-2
SUSE Linux Enterprise Server 12 SP3 GA python-libxml2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libxml2-2 >= 2.9.4-27.1
  • libxml2-doc >= 2.9.4-27.1
  • libxml2-tools >= 2.9.4-27.1
  • python-libxml2 >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libxml2-2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA python-libxml2
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libxml2-devel >= 2.7.6-0.31.1
  • libxml2-devel-32bit >= 2.7.6-0.31.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libxml2-devel
SUSE Linux Enterprise Software Development Kit 12
  • libxml2-devel >= 2.9.1-6.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libxml2-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libxml2-devel >= 2.9.1-10.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libxml2-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libxml2-devel >= 2.9.4-27.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libxml2-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libxml2-devel >= 2.9.4-45.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libxml2-devel
openSUSE Leap 15.0
  • libxml2-2 >= 2.9.7-lp150.1.7
  • libxml2-2-32bit >= 2.9.7-lp150.1.7
  • libxml2-tools >= 2.9.7-lp150.1.7
  • python3-libxml2-python >= 2.9.7-lp150.1.7
Patchnames:
openSUSE Leap 15.0 GA libxml2-2
openSUSE Leap 15.0 GA python3-libxml2-python
openSUSE Leap 42.1
  • libxml2-2 >= 2.9.1-8.1
  • libxml2-2-32bit >= 2.9.1-8.1
  • libxml2-devel >= 2.9.1-8.1
  • libxml2-tools >= 2.9.1-8.1
  • python-libxml2 >= 2.9.1-8.1
Patchnames:
openSUSE Leap 42.1 GA libxml2-2
openSUSE Leap 42.1 GA python-libxml2
openSUSE Leap 42.2
  • libxml2-2 >= 2.9.4-1.4
  • libxml2-2-32bit >= 2.9.4-1.4
  • libxml2-devel >= 2.9.4-1.4
  • libxml2-tools >= 2.9.4-1.4
  • python-libxml2 >= 2.9.4-1.3
Patchnames:
openSUSE Leap 42.2 GA libxml2-2
openSUSE Leap 42.2 GA python-libxml2
openSUSE Leap 42.3
  • libxml2-2 >= 2.9.4-10.1
  • libxml2-2-32bit >= 2.9.4-10.1
  • libxml2-devel >= 2.9.4-10.1
  • libxml2-tools >= 2.9.4-10.1
  • python-libxml2 >= 2.9.4-10.1
Patchnames:
openSUSE Leap 42.3 GA libxml2-2
openSUSE Leap 42.3 GA python-libxml2
openSUSE Tumbleweed
  • libxml2-2 >= 2.9.4-1.22
  • libxml2-2-32bit >= 2.9.4-1.22
  • libxml2-devel >= 2.9.4-1.22
  • libxml2-devel-32bit >= 2.9.4-1.22
  • libxml2-doc >= 2.9.4-1.22
  • libxml2-tools >= 2.9.4-1.22
  • python-libxml2 >= 2.9.4-1.4
Patchnames:
openSUSE Tumbleweed GA libxml2-2
openSUSE Tumbleweed GA python-libxml2