[El-errata] ELSA-2012-1265 Important: Oracle Linux 5 libxslt security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Sep 14 06:30:14 PDT 2012


Oracle Linux Security Advisory ELSA-2012-1265

https://rhn.redhat.com/errata/RHSA-2012-1265.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.i386.rpm

x86_64:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-1.1.17-4.0.1.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.x86_64.rpm

ia64:
libxslt-1.1.17-4.0.1.el5_8.3.i386.rpm
libxslt-1.1.17-4.0.1.el5_8.3.ia64.rpm
libxslt-devel-1.1.17-4.0.1.el5_8.3.ia64.rpm
libxslt-python-1.1.17-4.0.1.el5_8.3.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/libxslt-1.1.17-4.0.1.el5_8.3.src.rpm



Description of changes:

[1.1.17-4.0.1.el5_8.3 ]
- Added libxslt-enterprise.patch and replaced doc/redhat.gif in tarball

[1.1.17-4.el5_8.3]
- CVE-2012-2825 requires an extra patch on 1.1.17

[1.1.17-4.el5_8.2]
- remove the ChangeLog.gz which was raising multilib problems

[1.1.17-4.el5_8.1]
- fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870
- Fix portability to upcoming libxml2-2.9.0
- Fix generate-id() to not expose object addresses (CVE-2011-1202)
- Fix some case of pattern parsing errors (CVE-2011-3970)
- Fix a bug in selecting XSLT elements (CVE-2012-2825)
- Fix default template processing on namespace nodes (CVE-2012-2871)
- Fixed problem with namespace on compound predicate
- Fix direct pattern matching bug
- Big fixes of pattern compilations
- Fixes #527297 general pattern comps fix and cleanup other cleanups Daniel
- QName parsing fix for patterns
- Cleanup of the pattern compilation code (CVE-2012-2870)
- Hardening of code checking node types in various entry point (CVE-2012-2870)
- Hardening of code checking node types in EXSLT (CVE-2012-2870)
- Fix system-property with unknown namespace
- Xsltproc should return an error code if xinclude fails
- Fix a dictionary string usage
- Avoid a heap use after free error

[1.1.17-4.el5]
- fix various problems in libexslt RC4 encryption/decryption functions
- resolves: rhbz#456233

[1.1.17-3.el5]
- fix a max number of steps in pattern match expressions bug
- resolves: rhbz#446892




