
Oracle alert ELSA-2016-1292 (libxml2)

From:  Errata Announcements for Oracle Linux <el-errata@oss.oracle.com>
To:  el-errata@oss.oracle.com
Subject:  [El-errata] ELSA-2016-1292 Important: Oracle Linux 6 libxml2 security update
Date:  Thu, 23 Jun 2016 11:20:18 -0700
Message-ID:  <576C2862.8010606@oracle.com>

Oracle Linux Security Advisory ELSA-2016-1292

http://linux.oracle.com/errata/ELSA-2016-1292.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

i386:
libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.0.1.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.0.1.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.0.1.el6_8.1.i686.rpm

x86_64:
libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm
libxml2-2.7.6-21.0.1.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.0.1.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.0.1.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.0.1.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.0.1.el6_8.1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libxml2-2.7.6-21....

Description of changes:

[2.7.6-21.0.1.el6.8.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.7.6-21.el6.8.1]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

