LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Oracle alert ELSA-2012-1288 (libxml2)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2012-1288 Moderate: Oracle Linux 6 libxml2
	security update 


Date:
    	      Tue, 18 Sep 2012 20:32:09 -0700


Message-ID:
    	      <50593CB9.20100@oracle.com>


Archive-link:
    	      Article, Thread
              


Oracle Linux Security Advisory ELSA-2012-1288

https://rhn.redhat.com/errata/RHSA-2012-1288.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
libxml2-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-python-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-static-2.7.6-8.0.1.el6_3.3.i686.rpm

x86_64:
libxml2-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.0.1.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.0.1.el6_3.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libxml2-2.7.6-8.0...



Description of changes:

[2.7.6-8.0.1.el6_3.3 ]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.7.6-8.el6_3.3]
- Change the XPath code to percolate allocation error (CVE-2011-1944)

[2.7.6-8.el6_3.2]
- Fix an off by one pointer access (CVE-2011-3102)

[2.7.6-8.el6_3.1]
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems (rhbz#843741)
- Fix entities local buffers size problems (rhbz#843741)
- Fix an error in previous commit (rhbz#843741)
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size (rhbz#843741)
- Impose a reasonable limit on comment size (rhbz#843741)
- Impose a reasonable limit on PI size (rhbz#843741)
- Cleanups and new limit APIs for dictionaries (rhbz#843741)
- Introduce some default parser limits (rhbz#843741)
- Implement some default limits in the XPath module
- Fixup limits parser (rhbz#843741)
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases (rhbz#843741)
- More avoid quadratic behaviour (rhbz#843741)
- Strengthen behaviour of the push parser in problematic situations 
(rhbz#843741)
- More fixups on the push parser behaviour (rhbz#843741)
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation

[2.7.6-8.el6]
- remove chunk in patch related to configure.in as it breaks rebuild
- Resolves: rhbz#788846

[2.7.6-7.el6]
- fix previous build to force compilation of randomization code
- Resolves: rhbz#788846

[2.7.6-6.el6]
- adds randomization to hash and dict structures CVE-2012-0841
- Resolves: rhbz#788846

[2.7.6-5.el6]
- Make sure the parser returns when getting a Stop order CVE-2011-3905
- Fix an allocation error when copying entities CVE-2011-3919
- Resolves: rhbz#771910


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds