[El-errata] ELSA-2012-1265 Important: Oracle Linux 6 libxslt security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Sep 14 06:29:46 PDT 2012


Oracle Linux Security Advisory ELSA-2012-1265

https://rhn.redhat.com/errata/RHSA-2012-1265.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.0.2.el6_3.1.i686.rpm

x86_64:
libxslt-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-1.1.26-2.0.2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.0.2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.0.2.el6_3.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libxslt-1.1.26-2.0.2.el6_3.1.src.rpm



Description of changes:

[1.1.26-2.0.2.el6_3.1]
- Increment release to avoid ULN conflict with previous release.

[1.1.26-2.0.1.el6_3.1]
- Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball

[1.1.26-2.el6_3.1]
- fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870
- Fix direct pattern matching bug
- Fix popping of vars in xsltCompilerNodePop
- Fix bug 602515
- Fix generate-id() to not expose object addresses (CVE-2011-1202)
- Fix some case of pattern parsing errors (CVE-2011-3970)
- Fix a bug in selecting XSLT elements (CVE-2012-2825)
- Fix portability to upcoming libxml2-2.9.0
- Fix default template processing on namespace nodes (CVE-2012-2871)
- Cleanup of the pattern compilation code (CVE-2012-2870)
- Hardening of code checking node types in various entry point (CVE-2012-2870)
- Hardening of code checking node types in EXSLT (CVE-2012-2870)
- Fix system-property with unknown namespace
- Xsltproc should return an error code if xinclude fails
- Fix a dictionary string usage
- Avoid a heap use after free error





