[El-errata] ELSA-2015-2550 Moderate: Oracle Linux 7 libxml2 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Dec 7 10:26:34 PST 2015


Oracle Linux Security Advisory ELSA-2015-2550

http://linux.oracle.com/errata/ELSA-2015-2550.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libxml2-2.9.1-6.0.1.el7_2.2.i686.rpm
libxml2-2.9.1-6.0.1.el7_2.2.x86_64.rpm
libxml2-devel-2.9.1-6.0.1.el7_2.2.i686.rpm
libxml2-devel-2.9.1-6.0.1.el7_2.2.x86_64.rpm
libxml2-python-2.9.1-6.0.1.el7_2.2.x86_64.rpm
libxml2-static-2.9.1-6.0.1.el7_2.2.i686.rpm
libxml2-static-2.9.1-6.0.1.el7_2.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libxml2-2.9.1-6.0.1.el7_2.2.src.rpm



Description of changes:

[2.9.1-6.0.1.el7_1.2]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.9.1-6.2]
- Fix a series of CVEs (rhbz#1286496)
- CVE-2015-7941 Stop parsing on entities boundaries errors
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overead with HTML parser in push mode
- CVE-2015-1819 Enforce the reader to run in constant memory

[2.9.1-6]
- Fix missing entities after CVE-2014-3660 fix
- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
- Fix regressions introduced by CVE-2014-0191 patch

[2.9.1-5.1]
- CVE-2014-3660 denial of service via recursive entity expansion 
(rhbz#1149087)






More information about the El-errata mailing list