Oval Definition:	oval:org.opensuse.security:def:57171
Revision Date: 2021-03-01 Version: 1 Title: Security update for perl-XML-Twig (Moderate) Description: This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Family: unix Class: patch Status: Reference(s): 1008644 1010470 1012382 1023895 1027519 1029907 1029908 1029909 1030296 1030297 1030298 1030584 1030585 1030588 1030589 1031590 1031593 1031595 1031638 1031644 1031656 1037052 1037057 1037061 1037066 1037273 1037559 1044891 1044897 1044901 1044909 1044925 1044927 1045330 1052261 1055755 1062568 1063416 1065643 1065689 1065693 1066001 1067118 1068032 1068640 1068643 1068887 1068888 1068950 1069176 1069202 1069708 1071471 1072689 1072865 1074488 1074562 1074741 1075617 1075621 1076503 1077182 1077560 1077745 1077779 1078669 1078672 1078673 1078674 1079103 1079741 1080255 1080287 1080464 1080556 1080757 1081512 1081527 1082299 1083125 1083244 1083483 1083494 1083528 1083532 1083640 1084323 1085107 1085114 1085447 1085784 1086039 1086608 1086784 1086786 1086788 1090368 1090638 1090646 1090671 1090869 1090997 1091015 1091365 1091368 1092631 1111331 1115550 1119183 1121816 1121821 1124991 1160571 1174421 789827 980486 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-4562 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2014-9939 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-7915 CVE-2016-9180 CVE-2017-12190 CVE-2017-12424 CVE-2017-13166 CVE-2017-13166 CVE-2017-15299 CVE-2017-15868 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16644 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16939 CVE-2017-17833 CVE-2017-18017 CVE-2017-18204 CVE-2017-18208 CVE-2017-18221 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-8779 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-1066 CVE-2018-1068 CVE-2018-1087 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3639 CVE-2018-5332 CVE-2018-5333 CVE-2018-5764 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-6927 CVE-2018-7208 CVE-2018-7566 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8781 CVE-2018-8897 CVE-2018-8945 CVE-2019-11091 CVE-2019-5188 CVE-2019-6109 CVE-2019-6111 CVE-2019-6975 CVE-2020-15705 SUSE-SU-2017:1336-1 SUSE-SU-2017:2947-1 SUSE-SU-2018:0174-1 SUSE-SU-2018:0252-1 SUSE-SU-2018:0848-1 SUSE-SU-2018:1510-1 SUSE-SU-2018:1699-1 SUSE-SU-2018:2991-1 SUSE-SU-2018:3207-1 SUSE-SU-2019:0941-1 SUSE-SU-2019:1954-1 SUSE-SU-2019:2042-1 SUSE-SU-2020:0360-1 SUSE-SU-2020:2173-2 SUSE-SU-2020:2308-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information cron-4.2-lp150.2 is installed OR cronie-1.5.1-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND transfig-3.2.6a-lp151.4.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND libssh2-0.2-5.18 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information e2fsprogs-1.43.8-3.11 is installed OR libcom_err2-1.43.8-3.11 is installed OR libcom_err2-32bit-1.43.8-3.11 is installed OR libext2fs2-1.43.8-3.11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND rpcbind-0.2.1_rc4-17.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_40-default-8-2 is installed OR kgraft-patch-3_12_74-60_64_40-xen-8-2 is installed OR kgraft-patch-SLE12-SP1_Update_15-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libxml2-2-2.9.4-27 is installed OR libxml2-2-32bit-2.9.4-27 is installed OR libxml2-doc-2.9.4-27 is installed OR libxml2-tools-2.9.4-27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_8_0-openjdk-1.8.0.212-27.32 is installed OR java-1_8_0-openjdk-demo-1.8.0.212-27.32 is installed OR java-1_8_0-openjdk-devel-1.8.0.212-27.32 is installed OR java-1_8_0-openjdk-headless-1.8.0.212-27.32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_92-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_24-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ctags-5.8-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information gvim-7.4.326-17.6 is installed OR vim-7.4.326-17.6 is installed OR vim-data-7.4.326-17.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND perl-XML-Twig-3.44-5.3.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libwireshark9-2.4.9-48.29 is installed OR libwiretap7-2.4.9-48.29 is installed OR libwscodecs1-2.4.9-48.29 is installed OR libwsutil8-2.4.9-48.29 is installed OR wireshark-2.4.9-48.29 is installed OR wireshark-gtk-2.4.9-48.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bzip2-1.0.6-30.8 is installed OR bzip2-doc-1.0.6-30.8 is installed OR libbz2-1-1.0.6-30.8 is installed OR libbz2-1-32bit-1.0.6-30.8 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND binutils-2.31-9.26 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information MozillaFirefox-78.0.1-112.3 is installed OR MozillaFirefox-branding-SLE-78-35.3 is installed OR MozillaFirefox-devel-78.0.1-112.3 is installed OR MozillaFirefox-translations-common-78.0.1-112.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information postgresql96-9.6.15-3.29 is installed OR postgresql96-contrib-9.6.15-3.29 is installed OR postgresql96-docs-9.6.15-3.29 is installed OR postgresql96-libs-9.6.15-3.29 is installed OR postgresql96-plperl-9.6.15-3.29 is installed OR postgresql96-plpython-9.6.15-3.29 is installed OR postgresql96-pltcl-9.6.15-3.29 is installed OR postgresql96-server-9.6.15-3.29 is installed
BACK