[linux-sparc-announce] LFSSA-2016-0361 Important: Linux for SPARC 1.0 libxml2 security update
Announcements for Linux for SPARC
linux-sparc-announce at oss.oracle.com
Fri Jun 24 12:02:05 PDT 2016
Linux for SPARC Security Advisory LFSSA-2016-0361
The following updated rpms for Linux for SPARC 1.0 have been uploaded to
the yum.oracle.com:
sparc64:
libxml2-2.7.6-21.0.2.el6_8.1.sparc64.rpm
libxml2-devel-2.7.6-21.0.2.el6_8.1.sparc64.rpm
libxml2-python-2.7.6-21.0.2.el6_8.1.sparc64.rpm
libxml2-static-2.7.6-21.0.2.el6_8.1.sparc64.rpm
SRPMS:
http://yum.oracle.com/repo/linux_sparc64/latest/libxml2-2.7.6-21.0.2.el6_8.1.src.rpm
Description of changes:
[2.7.6-21.0.2.el6.8.1]
- Output is changed causing multiple packages to fail to build
due to failing diff output tests
https://bugzilla.gnome.org/show_bug.cgi?id=760739
https://bugzilla.gnome.org/review?bug=760739&attachment=320482
original ref https://bugzilla.redhat.com/show_bug.cgi?id=1286692
(philip.copeland at oracle.com)
[2.7.6-21.0.1.el6.8.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.7.6-21.el6.8.1]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat
<https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup
<https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in
xmlParserPrintFileContextInternal
<https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString
<https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey
<https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral
(CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser.
(CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string
vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability
(CVE-2016-4448)
[libxml2-2.7.6-21.el6.8]
- Fix large parse of file from memory (rhbz#862969)
More information about the linux-sparc-announce
mailing list