LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Oracle alert ELSA-2012-1288 (libxml2)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2012-1288 Moderate: Oracle Linux 6 libxml2
	security update 


Date:
    	      Tue, 18 Sep 2012 20:32:09 -0700


Message-ID:
    	      <50593CB9.20100@oracle.com>


Archive-link:
    	      Article, Thread
              


Oracle Linux Security Advisory ELSA-2012-1288

https://rhn.redhat.com/errata/RHSA-2012-1288.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
libxml2-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-python-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-static-2.7.6-8.0.1.el6_3.3.i686.rpm

x86_64:
libxml2-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.0.1.el6_3.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libxml2-2.7.6-8.0...



Description of changes:

[2.7.6-8.0.1.el6_3.3 ]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.7.6-8.el6_3.3]
- Change the XPath code to percolate allocation error (CVE-2011-1944)

[2.7.6-8.el6_3.2]
- Fix an off by one pointer access (CVE-2011-3102)

[2.7.6-8.el6_3.1]
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems (rhbz#843741)
- Fix entities local buffers size problems (rhbz#843741)
- Fix an error in previous commit (rhbz#843741)
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size (rhbz#843741)
- Impose a reasonable limit on comment size (rhbz#843741)
- Impose a reasonable limit on PI size (rhbz#843741)
- Cleanups and new limit APIs for dictionaries (rhbz#843741)
- Introduce some default parser limits (rhbz#843741)
- Implement some default limits in the XPath module
- Fixup limits parser (rhbz#843741)
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases (rhbz#843741)
- More avoid quadratic behaviour (rhbz#843741)
- Strengthen behaviour of the push parser in problematic situations 
(rhbz#843741)
- More fixups on the push parser behaviour (rhbz#843741)
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation

[2.7.6-8.el6]
- remove chunk in patch related to configure.in as it breaks rebuild
- Resolves: rhbz#788846

[2.7.6-7.el6]
- fix previous build to force compilation of randomization code
- Resolves: rhbz#788846

[2.7.6-6.el6]
- adds randomization to hash and dict structures CVE-2012-0841
- Resolves: rhbz#788846

[2.7.6-5.el6]
- Make sure the parser returns when getting a Stop order CVE-2011-3905
- Fix an allocation error when copying entities CVE-2011-3919
- Resolves: rhbz#771910


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds