[Oraclevm-errata] OVMSA-2016-0087 Important: Oracle VM 3.4 libxml2 security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Jun 23 12:21:35 PDT 2016

Oracle VM Security Advisory OVMSA-2016-0087

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat 
<https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup 
<https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in 
<https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString 
<https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey 
<https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral 
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. 
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string 
vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability 

- Fix large parse of file from memory (rhbz#862969)

More information about the Oraclevm-errata mailing list