ELSA-2016-1292 - libxml2 security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2016-06-23

Description


[2.9.1-6.0.1.3]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

[libxml2-2.9.1-6.3]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)


Related CVEs


CVE-2016-1834
CVE-2016-1836
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3705
CVE-2016-4448
CVE-2016-1762
CVE-2016-1833
CVE-2016-1835
CVE-2016-1837
CVE-2016-3627
CVE-2016-4447
CVE-2016-4449

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | libxml2-2.7.6-21.0.1.el6_8.1.src.rpm | 061d0e7c8fb83ab45e4ddd1600de08e4 | - |
| | libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm | b793360173823877767c5c2a8b97c183 | - |
| | libxml2-devel-2.7.6-21.0.1.el6_8.1.i686.rpm | 34fa0bd32cd71776b2ef4dcf04e5b4d8 | - |
| | libxml2-python-2.7.6-21.0.1.el6_8.1.i686.rpm | 847f6f9b4653e08a67f09165035bb6b7 | - |
| | libxml2-static-2.7.6-21.0.1.el6_8.1.i686.rpm | fbd9a3a90b7a6f91f4ce5deb7b5a8787 | - |
| Oracle Linux 6 (x86_64) | libxml2-2.7.6-21.0.1.el6_8.1.src.rpm | 061d0e7c8fb83ab45e4ddd1600de08e4 | - |
| | libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm | b793360173823877767c5c2a8b97c183 | - |
| | libxml2-2.7.6-21.0.1.el6_8.1.x86_64.rpm | e4eab1e995ecbcb4c43bd31e2806c0ee | - |
| | libxml2-devel-2.7.6-21.0.1.el6_8.1.i686.rpm | 34fa0bd32cd71776b2ef4dcf04e5b4d8 | - |
| | libxml2-devel-2.7.6-21.0.1.el6_8.1.x86_64.rpm | 25542c9db6842cb311c716d531b6050b | - |
| | libxml2-python-2.7.6-21.0.1.el6_8.1.x86_64.rpm | a6bf4768dd5ea532d9dd7fdd603d7048 | - |
| | libxml2-static-2.7.6-21.0.1.el6_8.1.x86_64.rpm | b4561fbd7621edaab6b1f9e5478a0f8e | - |
| Oracle Linux 7 (aarch64) | libxml2-2.9.1-6.0.1.el7_2.3.src.rpm | 5e1578e905d84900b31479d675fae3ca | ELSA-2020-3996 |
| | libxml2-2.9.1-6.0.1.el7_2.3.aarch64.rpm | 2e4b2a38b5b0d8b9b0b3913341c483ea | ELSA-2020-3996 |
| | libxml2-devel-2.9.1-6.0.1.el7_2.3.aarch64.rpm | a76a9a7ac5466957f20a1b605b4572b7 | ELSA-2020-3996 |
| | libxml2-python-2.9.1-6.0.1.el7_2.3.aarch64.rpm | 1bf10955dfc9ebdfc3959a24a715e162 | ELSA-2020-3996 |
| | libxml2-static-2.9.1-6.0.1.el7_2.3.aarch64.rpm | 49f713cc0e3902f52cb4073a56f3f558 | ELSA-2020-3996 |
| Oracle Linux 7 (x86_64) | libxml2-2.9.1-6.0.1.el7_2.3.src.rpm | 5e1578e905d84900b31479d675fae3ca | ELSA-2020-3996 |
| | libxml2-2.9.1-6.0.1.el7_2.3.i686.rpm | a8082fe7715b0c5c80755eb1d4d7b932 | ELSA-2020-3996 |
| | libxml2-2.9.1-6.0.1.el7_2.3.x86_64.rpm | 2f096b16fc08d22cf99297a4223d6172 | ELSA-2020-3996 |
| | libxml2-devel-2.9.1-6.0.1.el7_2.3.i686.rpm | e2d21ee7eab5fb058fa7eddbd71242e3 | ELSA-2020-3996 |
| | libxml2-devel-2.9.1-6.0.1.el7_2.3.x86_64.rpm | e852a2bcfdf3d91898b8324ea3f689bb | ELSA-2020-3996 |
| | libxml2-python-2.9.1-6.0.1.el7_2.3.x86_64.rpm | 1cad6b7ace02a61725ed7877e0171b3a | ELSA-2020-3996 |
| | libxml2-static-2.9.1-6.0.1.el7_2.3.i686.rpm | 2fc8eb14ed1f0414d8d9c537d35fd764 | ELSA-2020-3996 |
| | libxml2-static-2.9.1-6.0.1.el7_2.3.x86_64.rpm | 511ba386bf9234e35522ddeb0f372ae2 | ELSA-2020-3996 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.