|
|
Subscribe / Log in / New account

Oracle alert ELSA-2012-1265 (libxslt)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2012-1265 Important: Oracle Linux 5 libxslt
	security update 


Date:
    	      Fri, 14 Sep 2012 06:30:14 -0700


Message-ID:
    	      <50533166.4040300@oracle.com>



Oracle Linux Security Advisory ELSA-2012-1265

https://rhn.redhat.com/errata/RHSA-2012-1265.html


The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.i386.rpm

x86_64:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-1.1.17-4.0.1.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.x86_64.rpm

ia64:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-1.1.17-4.0.1.el5_8.3.ia64.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.ia64.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/libxslt-1.1.17-4....



Description of changes:

[1.1.17-4.0.1.el5_8.3 ]
- Added libxslt-enterprise.patch and replaced doc/redhat.gif in tarball

[1.1.17-4.el5_8.3]
- CVE-2012-2825 requires an extra patch on 1.1.17

[1.1.17-4.el5_8.2]
- remove the ChangeLog.gz which was raising multilib problems

[1.1.17-4.el5_8.1]
- fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 
CVE-2012-2870
- Fix portability to upcoming libxml2-2.9.0
- Fix generate-id() to not expose object addresses (CVE-2011-1202)
- Fix some case of pattern parsing errors (CVE-2011-3970)
- Fix a bug in selecting XSLT elements (CVE-2012-2825)
- Fix default template processing on namespace nodes (CVE-2012-2871)
- Fixed problem with namespace on compound predicate
- Fix direct pattern matching bug
- Big fixes of pattern compilations
- Fixes #527297 general patter comps fix and cleanup other cleanups Daniel
- QName parsing fix for patterns
- Cleanup of the pattern compilation code (CVE-2012-2870)
- Hardening of code checking node types in various entry point 
(CVE-2012-2870)
- Hardening of code checking node types in EXSLT (CVE-2012-2870)
- Fix system-property with unknown namespace
- Xsltproc should return an error code if xinclude fails
- Fix a dictionary string usage
- Avoid a heap use after free error

[1.1.17-4.el5]
- fix various problems in libexslt RC4 encryption/decryption functions
- resolves: rhbz#456233

[1.1.17-3.el5]
- fix a max number of steps in pattern match expressions bug
- resolves: rhbz#446892


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds