OpenSUSE Linux update for libxml2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 |
| CWE-ID | CWE-119 CWE-476 CWE-835 CWE-611 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU15363
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18258
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the xz_head() function of the GNOME libxml2 library, as defined in the xzlib.c source code due to boundary error in the Lempel-Ziv-Markov (LZMA) decompression feature. A remote unauthenticated attacker can trick the victim into opening a specially crafted LZMA file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Null pointer dereference
EUVDB-ID: #VU13949
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-14404
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the xmlXPathCompOpEval() function, as defined in the path.c source code file due to improper parsing of invalid XPath expressions in the XPATH_OP_AND and XPATH_OP_OR cases. A remote attacker can send a specially crafted request that submits malicious input to an application that is using the affected library, trigger a NULL pointer dereference and cause the application to crash.
Update the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Infinite loop
EUVDB-ID: #VU14470
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14567
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the liblzma error code of the GNOME libxml2 library due to an infinite loop condition in the Lempel–Ziv–Markov (LZMA) decompression feature during the processing of XML files. A remote attacker can trick the victim into opening an XML file that submits malicious input, trigger a LZMA_MEMLIMIT_ERROR condition and cause the service to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU15364
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-9251
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the xz_decomp() function of the GNOME libxml2 library, as defined in the xzlib.c source code due to an infinite loop condition in the Lempel-Ziv-Markov (LZMA) decompression feature during the processing of XML files. A remote unauthenticated attacker can trick the victim into opening a specially crafted XML file that submits malicious input, trigger an LZMA_MEMLIMIT_ERROR condition and cause the application to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00026.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
