Oracle Errata System
Oracle Linux
5.3
2021-09-09T12:48:19
ELSA-2016-1292: libxml2 security update (IMPORTANT)
Oracle Linux 6
Oracle Linux 7
[2.9.1-6.0.1.3]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[libxml2-2.9.1-6.3]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)
IMPORTANT
Copyright 2016 Oracle, Inc.
CVE-2016-1834
CVE-2016-1836
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3705
CVE-2016-4448
CVE-2016-1762
CVE-2016-1833
CVE-2016-1835
CVE-2016-1837
CVE-2016-3627
CVE-2016-4447
CVE-2016-4449
libxml2
libxml2-devel
libxml2-python
libxml2-static
oraclelinux-release
72f97b74ec551f03
^6
x86_64
0:2.7.6-21.0.1.el6_8.1
i686
^7
aarch64
0:2.9.1-6.0.1.el7_2.3