[El-errata] ELSA-2012-1265 Important: Oracle Linux 6 libxslt security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Sep 14 06:29:46 PDT 2012
Oracle Linux Security Advisory ELSA-2012-1265
https://rhn.redhat.com/errata/RHSA-2012-1265.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.0.2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-1.1.26-2.0.2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.0.2.el6_3.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libxslt-1.1.26-2.0.2.el6_3.1.src.rpm
Description of changes:
[1.1.26-2.0.2.el6_3.1]
- Increment release to avoid ULN conflict with previous release.
[1.1.26-2.0.1.el6_3.1]
- Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in
tarball
[1.1.26-2.el6_3.1]
- fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871
CVE-2012-2870
- Fix direct pattern matching bug
- Fix popping of vars in xsltCompilerNodePop
- Fix bug 602515
- Fix generate-id() to not expose object addresses (CVE-2011-1202)
- Fix some case of pattern parsing errors (CVE-2011-3970)
- Fix a bug in selecting XSLT elements (CVE-2012-2825)
- Fix portability to upcoming libxml2-2.9.0
- Fix default template processing on namespace nodes (CVE-2012-2871)
- Cleanup of the pattern compilation code (CVE-2012-2870)
- Hardening of code checking node types in various entry point
(CVE-2012-2870)
- Hardening of code checking node types in EXSLT (CVE-2012-2870)
- Fix system-property with unknown namespace
- Xsltproc should return an error code if xinclude fails
- Fix a dictionary string usage
- Avoid a heap use after free error
More information about the El-errata
mailing list