[Oraclevm-errata] OVMSA-2014-0031 Moderate: Oracle VM 3.3 libxml2 security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Nov 4 09:36:22 PST 2014

Oracle VM Security Advisory OVMSA-2014-0031

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

- CVE-2014-3660 denial of service via recursive entity expansion 

- Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011)

- Improve handling of xmlStopParser(CVE-2013-2877)

- Do not fetch external parameter entities (CVE-2014-0191)

- Fix a regression in 2.9.0 breaking validation while streaming 

- detect and stop excessive entities expansion upon replacement 

More information about the Oraclevm-errata mailing list