Oval Definition:	oval:org.opensuse.security:def:58605
Revision Date: 2020-12-01 Version: 1 Title: Security update for expat (Moderate) Description: This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Family: unix Class: patch Status: Reference(s): 1010845 1019274 1023012 1035371 1037384 1039348 1048510 1065276 1066156 1068251 1070428 1071558 1074254 1075724 1076308 1081556 1094508 1097158 1097624 1098592 1103276 1104129 1111014 1126068 1126069 1132728 1132729 1132732 1132734 1133185 1134718 1163927 1166844 1169659 1170313 1170423 1175476 897422 983215 983216 CVE-2010-0624 CVE-2012-5783 CVE-2012-6702 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2014-9112 CVE-2015-4041 CVE-2015-4042 CVE-2016-10207 CVE-2016-2037 CVE-2016-5300 CVE-2016-9401 CVE-2016-9941 CVE-2016-9942 CVE-2017-1000364 CVE-2017-12133 CVE-2017-15908 CVE-2018-0732 CVE-2018-1049 CVE-2018-15468 CVE-2018-17963 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-10245 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2019-14559 CVE-2019-14562 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 CVE-2019-6465 CVE-2020-10531 CVE-2020-11945 SUSE-SU-2017:0424-1 SUSE-SU-2017:0622-1 SUSE-SU-2017:1317-1 SUSE-SU-2017:1617-1 SUSE-SU-2018:0299-1 SUSE-SU-2018:0655-1 SUSE-SU-2018:1887-1 SUSE-SU-2019:1644-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:3126-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information java-10-openjdk-10.0.1.0-lp150.1 is installed OR java-10-openjdk-headless-10.0.1.0-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libIlmImf-2_2-23-2.2.1-lp151.4.6 is installed OR libIlmImf-2_2-23-32bit-2.2.1-lp151.4.6 is installed OR libIlmImfUtil-2_2-23-2.2.1-lp151.4.6 is installed OR libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.6 is installed OR openexr-2.2.1-lp151.4.6 is installed OR openexr-devel-2.2.1-lp151.4.6 is installed OR openexr-doc-2.2.1-lp151.4.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information expat-2.1.0-20 is installed OR libexpat1-2.1.0-20 is installed OR libexpat1-32bit-2.1.0-20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.35-30.50 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.6_05-43.42 is installed OR xen-doc-html-4.7.6_05-43.42 is installed OR xen-libs-4.7.6_05-43.42 is installed OR xen-libs-32bit-4.7.6_05-43.42 is installed OR xen-tools-4.7.6_05-43.42 is installed OR xen-tools-domU-4.7.6_05-43.42 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_57-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_18-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.35-38.29 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information pdns-4.1.2-3.3 is installed OR pdns-backend-mysql-4.1.2-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
BACK