[Oraclevm-errata] OVMSA-2014-0031 Moderate: Oracle VM 3.3 libxml2 security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Nov 4 09:36:22 PST 2014
Oracle VM Security Advisory OVMSA-2014-0031
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
libxml2-2.7.6-17.0.1.el6_6.1.x86_64.rpm
libxml2-python-2.7.6-17.0.1.el6_6.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/libxml2-2.7.6-17.0.1.el6_6.1.src.rpm
Description of changes:
[2.7.6-17.0.1.el6_6.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[libxml2-2.7.6-17.el6.1]
- CVE-2014-3660 denial of service via recursive entity expansion
(rhbz#1149085)
[libxml2-2.7.6-17.el6]
- Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011)
[libxml2-2.7.6-16.el6]
- Improve handling of xmlStopParser(CVE-2013-2877)
[libxml2-2.7.6-15.el6]
- Do not fetch external parameter entities (CVE-2014-0191)
[libxml2-2.7.6-14.el6]
- Fix a regression in 2.9.0 breaking validation while streaming
(rhbz#863166)
[2.7.6-13.el6]
- detect and stop excessive entities expansion upon replacement
(rhbz#912575)
More information about the Oraclevm-errata
mailing list