libixml11-1.14.10-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11006 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libixml11-1.14.10-1.2 on GA media These are all security issues fixed in the libixml11-1.14.10-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11006 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11006 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-6255/ SUSE CVE CVE-2016-6255 page https://www.suse.com/security/cve/CVE-2016-8863/ SUSE CVE CVE-2016-8863 page https://www.suse.com/security/cve/CVE-2021-28302/ SUSE CVE CVE-2021-28302 page https://www.suse.com/security/cve/CVE-2021-29462/ SUSE CVE CVE-2021-29462 page openSUSE Tumbleweed libixml11-1.14.10-1.2 libixml11-32bit-1.14.10-1.2 libupnp-devel-1.14.10-1.2 libupnp17-1.14.10-1.2 libupnp17-32bit-1.14.10-1.2 libixml11-1.14.10-1.2 as a component of openSUSE Tumbleweed libixml11-32bit-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp-devel-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp17-1.14.10-1.2 as a component of openSUSE Tumbleweed libupnp17-32bit-1.14.10-1.2 as a component of openSUSE Tumbleweed Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. CVE-2016-6255 openSUSE Tumbleweed:libixml11-1.14.10-1.2 openSUSE Tumbleweed:libixml11-32bit-1.14.10-1.2 openSUSE Tumbleweed:libupnp-devel-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-32bit-1.14.10-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6255.html CVE-2016-6255 https://bugzilla.suse.com/989948 SUSE Bug 989948 Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. CVE-2016-8863 openSUSE Tumbleweed:libixml11-1.14.10-1.2 openSUSE Tumbleweed:libixml11-32bit-1.14.10-1.2 openSUSE Tumbleweed:libupnp-devel-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-32bit-1.14.10-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8863.html CVE-2016-8863 https://bugzilla.suse.com/1006256 SUSE Bug 1006256 A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. CVE-2021-28302 openSUSE Tumbleweed:libixml11-1.14.10-1.2 openSUSE Tumbleweed:libixml11-32bit-1.14.10-1.2 openSUSE Tumbleweed:libupnp-devel-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-32bit-1.14.10-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-28302.html CVE-2021-28302 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. CVE-2021-29462 openSUSE Tumbleweed:libixml11-1.14.10-1.2 openSUSE Tumbleweed:libixml11-32bit-1.14.10-1.2 openSUSE Tumbleweed:libupnp-devel-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-1.14.10-1.2 openSUSE Tumbleweed:libupnp17-32bit-1.14.10-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-29462.html CVE-2021-29462