Oracle Errata SystemOracle Linux5.32021-09-09T12:48:14
ELSA-2015-2550: libxml2 security update (MODERATE)
Oracle Linux 7
[2.9.1-6.0.1.el7_1.2]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.9.1-6.2]
- Fix a series of CVEs (rhbz#1286496)
- CVE-2015-7941 Stop parsing on entities boundaries errors
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overead with HTML parser in push mode
- CVE-2015-1819 Enforce the reader to run in constant memory
[2.9.1-6]
- Fix missing entities after CVE-2014-3660 fix
- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
- Fix regressions introduced by CVE-2014-0191 patch
[2.9.1-5.1]
- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)
MODERATECopyright 2015 Oracle, Inc.CVE-2015-1819CVE-2015-5312CVE-2015-7497CVE-2015-7498CVE-2015-7499CVE-2015-7500CVE-2015-7941CVE-2015-7942CVE-2015-8241CVE-2015-8242CVE-2015-8317libxml2libxml2-devellibxml2-pythonlibxml2-staticoraclelinux-release72f97b74ec551f03^7x86_640:2.9.1-6.0.1.el7_2.2