{"affected":[{"ecosystem_specific":{"binaries":[{"libyang-extentions":"1.0.184-150300.3.6.1","libyang1":"1.0.184-150300.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP3","name":"libyang","purl":"pkg:rpm/suse/libyang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.184-150300.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libyang-extentions":"1.0.184-150300.3.6.1","libyang1":"1.0.184-150300.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP4","name":"libyang","purl":"pkg:rpm/suse/libyang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.184-150300.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libyang-cpp-devel":"1.0.184-150300.3.6.1","libyang-cpp1":"1.0.184-150300.3.6.1","libyang-devel":"1.0.184-150300.3.6.1","libyang-doc":"1.0.184-150300.3.6.1","libyang-extentions":"1.0.184-150300.3.6.1","libyang1":"1.0.184-150300.3.6.1","python3-yang":"1.0.184-150300.3.6.1","yang-tools":"1.0.184-150300.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"libyang","purl":"pkg:rpm/opensuse/libyang&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.184-150300.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libyang-cpp-devel":"1.0.184-150300.3.6.1","libyang-cpp1":"1.0.184-150300.3.6.1","libyang-devel":"1.0.184-150300.3.6.1","libyang-doc":"1.0.184-150300.3.6.1","libyang-extentions":"1.0.184-150300.3.6.1","libyang1":"1.0.184-150300.3.6.1","python3-yang":"1.0.184-150300.3.6.1","yang-tools":"1.0.184-150300.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"libyang","purl":"pkg:rpm/opensuse/libyang&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.184-150300.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libyang fixes the following issues:\n\n- CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS (bsc#1186378)\n- CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS (bsc#1186376).\n- CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375).\n- CVE-2021-28902: Fixed missing check in read_yin_container that can lead to DoS (bsc#1186374).\n","id":"SUSE-SU-2022:3245-1","modified":"2022-09-12T07:01:51Z","published":"2022-09-12T07:01:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223245-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186374"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186375"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186376"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186378"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28902"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28903"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28904"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28906"}],"related":["CVE-2021-28902","CVE-2021-28903","CVE-2021-28904","CVE-2021-28906"],"summary":"Security update for libyang","upstream":["CVE-2021-28902","CVE-2021-28903","CVE-2021-28904","CVE-2021-28906"]}