| |||||||||||||||||||
Oracle alert ELSA-2012-1265 (libxslt)
Oracle Linux Security Advisory ELSA-2012-1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.0.2.el6_3.1.i686.rpm x86_64: libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm libxslt-1.1.26-2.0.2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.0.2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.0.2.el6_3.1.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/libxslt-1.1.26-2.... Description of changes: [1.1.26-2.0.2.el6_3.1] - Increment release to avoid ULN conflict with previous release. [1.1.26-2.0.1.el6_3.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.26-2.el6_3.1] - fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 - Fix direct pattern matching bug - Fix popping of vars in xsltCompilerNodePop - Fix bug 602515 - Fix generate-id() to not expose object addresses (CVE-2011-1202) - Fix some case of pattern parsing errors (CVE-2011-3970) - Fix a bug in selecting XSLT elements (CVE-2012-2825) - Fix portability to upcoming libxml2-2.9.0 - Fix default template processing on namespace nodes (CVE-2012-2871) - Cleanup of the pattern compilation code (CVE-2012-2870) - Hardening of code checking node types in various entry point (CVE-2012-2870) - Hardening of code checking node types in EXSLT (CVE-2012-2870) - Fix system-property with unknown namespace - Xsltproc should return an error code if xinclude fails - Fix a dictionary string usage - Avoid a heap use after free error _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata (Log in to post comments)
|
|||||||||||||||||||