===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0225
         SUSE Security Update: Security update for perl-XML-LibXML
                              23 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           perl-XML-LibXML
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-10672

Reference:         ESB-2017.2967
                   ESB-2017.3007

Original Bulletin:
   https://www.suse.com/support/update/announcement/2018/suse-su-20180170-1/

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for perl-XML-LibXML
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0170-1
Rating:             important
References:         #1046848
Cross-References:   CVE-2017-10672
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for perl-XML-LibXML fixes the following issues:

   - CVE-2017-10672: A use-after-free allowed remote attackers to
     potentially execute arbitrary code by controlling the arguments to a
     replaceChild call (bsc#1046848)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-perl-XML-LibXML-13426=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-perl-XML-LibXML-13426=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-perl-XML-LibXML-13426=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-perl-XML-LibXML-13426=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-perl-XML-LibXML-13426=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      perl-XML-LibXML-1.66-3.3.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      perl-XML-LibXML-1.66-3.3.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      perl-XML-LibXML-1.66-3.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      perl-XML-LibXML-debuginfo-1.66-3.3.1
      perl-XML-LibXML-debugsource-1.66-3.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      perl-XML-LibXML-debuginfo-1.66-3.3.1
      perl-XML-LibXML-debugsource-1.66-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-10672.html
   https://bugzilla.suse.com/1046848

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
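A post-patch verification for the update described in this bulletin, as an added example that is not part of the SUSE or AusCERT text: it compares installed `perl-XML-LibXML` packages against the fixed version-release `1.66-3.3.1` from the package list. The function names, the sample inventory lines and the simplified numeric comparison (not a full rpmvercmp) are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Fixed version-release taken from the bulletin's package list.
FIXED_EVR="1.66-3.3.1"

# evr_lt A B: succeed when A is older than B.
# Assumption: segments are purely numeric without leading zeros and are
# separated by '.' or '-' (true for this bulletin's values).
evr_lt() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    set -- $a                      # segments of A become $1, $2, ...
    for y in $b; do
        x=${1:-0}                  # a missing segment in A counts as 0
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                       # equal, or A has extra segments: not older
}

# audit: read "name version-release" lines on stdin, print one verdict per
# perl-XML-LibXML* package (debuginfo/debugsource share the same fixed
# version), and return 1 if any of them predates the fix.
audit() {
    rc=0
    while read -r name evr; do
        case $name in
            perl-XML-LibXML*) ;;
            *) continue ;;
        esac
        if evr_lt "$evr" "$FIXED_EVR"; then
            echo "VULNERABLE $name $evr (needs >= $FIXED_EVR)"
            rc=1
        else
            echo "OK $name $evr"
        fi
    done
    return $rc
}

# On a real host the input would come from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit
# Constructed sample inventory (the 1.66-1.20 release is made up):
printf '%s\n' \
    'perl-XML-LibXML 1.66-1.20' \
    'perl-XML-LibXML-debuginfo 1.66-3.3.1' \
    'bash 3.2-147.35.1' | audit || true
```

A non-zero return from `audit` means at least one matching package is still older than the fixed build and the `zypper` patch for that product has not been applied.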