[linux-sparc-announce] LFSSA-2015-0265 Linux for SPARC 1.0 libxml2 security update
Announcements for Linux for SPARC
linux-sparc-announce at oss.oracle.com
Tue Dec 8 12:57:46 PST 2015
Linux for SPARC Security Advisory LFSSA-2015-0265
The following updated rpms for Linux for SPARC 1.0 have been uploaded to the yum.oracle.com:
sparc64:
libxml2-2.7.6-20.0.1.el6_7.1.sparc64.rpm
libxml2-devel-2.7.6-20.0.1.el6_7.1.sparc64.rpm
libxml2-python-2.7.6-20.0.1.el6_7.1.sparc64.rpm
libxml2-static-2.7.6-20.0.1.el6_7.1.sparc64.rpm
SRPMS:
http://yum.oracle.com/repo/linux_sparc64/latest/libxml2-2.7.6-20.0.1.el6_7.1.src.rpm
Description of changes:
[2.7.6-20.0.1.el6_7.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.7.6-20.1]
- Fix a series of CVEs (rhbz#1286495)
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overead with HTML parser in push mode
- Libxml violates the zlib interface and crashes
More information about the linux-sparc-announce
mailing list