Описание
ELBA-2025-6597: libxml2 bug fix and enhancement update (CRITICAL)
[2.12.5-5]
- Fix CVE-2024-56171 (RHEL-80119)
- Fix CVE-2025-24928 (RHEL-80134)
[2.12.5-4]
- Fix CVE-2024-40896 (RHEL-72060)
[2.12.5-3]
- Bump release for October 2024 mass rebuild: Resolves: RHEL-64018
[2.12.5-2]
- Bump release for June 2024 mass rebuild
[2.12.5-1]
- Update to 2.12.5 (#2262648)
[2.12.4-3]
[2.12.4-2]
[2.12.4-1]
- Update to 2.12.4 (#2258493)
[2.12.3-1]
- Update to 2.12.3 (#2254194)
[2.12.2-2]
- Upstream patch to add extra includes
[2.12.2-1]
- Update to 2.12.2 (#2137281)
- Enable W3C XML Conformance and Schema test suites
[2.12.1-1]
- Update to 2.12.1 (#2250062)
[2.12.0-1]
- Update to 2.12.0 (#2250062)
[2.11.6-1]
- Update to 2.11.6
[2.11.5-1]
- Update to 2.11.5 (#2190441)
[2.10.4-3]
[2.10.4-2]
- Rebuilt for Python 3.12
[2.10.4-1]
- Update to 2.10.4 (#2185870)
[2.10.3-3]
[2.10.3-2]
- Set build options to maintain (most) symbols from 2.9.14 (#2139546)
[2.10.3-1]
- Update to 2.10.3 (#2119077)
[2.10.2-1]
- Update to 2.10.2 (#2119077)
[2.9.14-3]
[2.9.14-2]
- Rebuilt for Python 3.11
[2.9.14-1]
- Update to 2.9.14 (#2080961)
[2.9.13-1]
- Update to 2.9.13
[2.9.12-7]
[2.9.12-6]
[2.9.12-5]
- Rebuilt for Python 3.10
[2.9.12-4]
- Fix xmlNodeDumpOutputInternal regression (#1965662)
[2.9.12-3]
- Fix multiarch conflict in devel subpackage
[2.9.12-2]
- Fix python-lxml regression with 2.9.12
[2.9.12-1]
- Update to 2.9.12 (#1960153)
[2.9.10-12]
- Fix CVE-2021-3537 (#1956524)
[2.9.10-11]
- Fix CVE-2021-3516 (#1954227)
- Fix CVE-2021-3517 (#1954234)
- Fix CVE-2021-3518 (#1954243)
[2.9.10-10]
[2.9.10-9]
- Build the Python extension with the PY_SSIZE_T_CLEAN macro to make it compatible with Python 3.10.
- Fixes: rhbz#1890878.
[2.9.10-8]
- Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.
[2.9.10-7]
- Add fix for CVE-2020-24977 (RHBZ#1877788).
[2.9.10-6]
[2.9.10-5]
- Rebuilt for Python 3.9
[2.9.10-4]
- Fix CVE-2019-20388 (#1799736)
- Fix CVE-2020-7595 (#1799786)
[2.9.10-3]
[2.9.10-2]
- Fix relaxed approach to nested documents on object disposal (#1780573)
[2.9.10-1]
- Update to 2.9.10 (#1767151)
[2.9.9-7]
- Subpackage python2-libxml2 has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
[2.9.9-6]
- Rebuilt for Python 3.8.0rc1 (#1748018)
[2.9.9-5]
- Rebuild to fix corrupted libxml2-static package on aarch64 (#1745020)
[2.9.9-4]
- Rebuilt for Python 3.8
[2.9.9-3]
[2.9.9-2]
[2.9.9-1]
- Update to 2.9.9
[2.9.8-5]
- Add patch to fix crash: xmlParserPrintFileContextInternal mangles utf8
[2.9.8-4]
- Backport patches from upstream
[2.9.8-3]
[2.9.8-2]
- Rebuilt for Python 3.7
[2.9.8-1]
- Update to 2.9.8
[2.9.7-4]
- Rebuild with new LDFLAGS from redhat-rpm-config
[2.9.7-3]
[2.9.7-2]
- Switch to %ldconfig_scriptlets
[2.9.7-1]
- Update to 2.9.7
- Cleanups in packaging
[2.9.5-3]
- Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
[2.9.5-2]
- Fix reporting error about undefined XPath variables (bug #1493613)
[2.9.5-1]
- update to 2.9.5
[2.9.4-5]
- Python 2 binary package renamed to python2-libxml2 See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
[2.9.4-4]
[2.9.4-3]
[2.9.4-2]
[2.9.4-1]
- Update to 2.9.4.
- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol.
[2.9.3-5]
- Rebuild for Python 3.6
[2.9.3-4]
[2.9.3-3]
[2.9.3-2]
- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262)
[2.9.2-1]
- upstream release of 2.9.3
- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242
- many other bug fixes
[2.9.2-9]
- Rebuilt for Python3.5 rebuild
- Python3.5 has new naming convention for byte compiled files
[2.9.2-8]
- Remove executable permissions from documentation. Complies with packaging guidelines and solves issue of libxml2-python3 package depending on python2
[2.9.2-7]
- Remove dependency on python2 from python3 subpackage, rhbz#1250940
[2.9.2-6]
- Rename the Python 3 subpackage to python3-libxml2 as per guidelines
[2.9.2-5]
[2.9.2-4]
- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
[2.9.2-3]
- Added Python 3 subpackage
[2.9.2-2]
- Avoid corrupting the xml catalogs
[2.9.2-1]
- upstream release of 2.9.2
- Fix for CVE-214-3660 billion laugh DOS
- many other bug fixes
[2.9.1-5]
[2.9.1-4]
- fix license handling
[2.9.1-3]
[2.9.1-2]
[2.9.1-1]
- upstream release of 2.9.1
- a couple more API entry point
- compatibility with python3
- a lot of bug fixes
[2.9.0-4]
- fix --nocheck build which I broke in october rhbz#909767
[2.9.0-3]
- workaround for crc/len check failure, rhbz#877567
[2.9.0-2]
- remaining cleanups from merge bug rhbz#226079
- do not put the docs in the main package, only in -devel rhbz#864731
[2.9.0-1]
- upstream release of 2.9.0
- A few new API entry points
- More resilient push parser mode
- A lot of portability improvement
- Faster XPath evaluation
- a lot of bug fixes and smaller improvement
[2.9.0-0rc1]
- upstream release candidate 1 of 2.9.0
- introduce a small API change, but ABI compatible, see https://mail.gnome.org/archives/xml/2012-August/msg00005.html patches for php, gcc/libjava and evolution-data-connector are upstream Grab me in cases of problems veillard@redhat.com
- many bug fixes including security aspects and small improvements
[2.8.0-2]
[2.8.0-1]
- upstream release of 2.8.0
- add lzma compression support
- many bug fixes and small improvements
[2.7.8-7]
[2.7.8-6]
- fix a double free in XPath CVE-2010-4494 bug 665965
[2.7.8-5]
[2.7.8-4]
- reactivate shared libs versionning script
[2.7.8-1]
- Upstream release of 2.7.8
- various bug fixes, including potential crashes
- new non-destructive formatting option
- date parsing updated to RFC 5646
[2.7.7-2]
[2.7.7-1]
- Upstream release of 2.7.7
- fix serious trouble with zlib >= 1.2.4
- xmllint new option --xpath
- various HTML parser improvements
- includes a number of nug fixes
[2.7.6-1]
- Upstream release of 2.7.6
- restore thread support off by default in 2.7.5
[2.7.5-1]
- Upstream release of 2.7.5
- fix a couple of Relax-NG validation problems
- couple more fixes
[2.7.4-2]
- fix a problem with little data at startup affecting inkscape #523002
[2.7.4-1]
- upstream release 2.7.4
- symbol versioning of libxml2 shared libs
- very large number of bug fixes
[2.7.3-4]
- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
[2.7.3-3]
[2.7.3-2]
[2.7.3-1]
- new release 2.7.3
- limit default max size of text nodes
- special parser mode for PHP
- bug fixes and more compiler checks
[2.7.2-7]
- Pull back into Python 2.6
[2.7.2-6]
- AutoProvides requires BuildRequires pkgconfig
[2.7.2-5]
- rebuild to get provides(libxml-2.0) into HEAD rawhide
[2.7.2-4]
- Rebuild for pkgconfig logic
[2.7.2-3]
- Rebuild for Python 2.6
[2.7.2-2.fc11]
- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226
[2.7.2-1.fc10]
- new release 2.7.2
- Fixes the known problems in 2.7.1
- increase the set of options when saving documents
[2.7.1-2.fc10]
- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660
[2.7.1-1.fc10]
- fix python serialization which was broken in 2.7.0
- Resolve: rhbz#460774
[2.7.0-1.fc10]
- upstream release of 2.7.0
- switch to XML 1.0 5th edition
- switch to RFC 3986 for URI parsing
- better entity handling
- option to remove hardcoded limitations in the parser
- more testing
- a new API to allocate entity nodes
- and lot of fixes and clanups
[2.6.32-4.fc10]
- fix for entities recursion problem
- Resolve: rhbz#459714
[2.6.32-3.fc10]
- cleanup based on Fedora packaging guidelines, should fix #226079
- separate a -static package
[2.6.32-2.fc10]
- try to fix multiarch problems like #440206
[2.6.32-1.fc9]
- upstream release 2.6.32 see http://xmlsoft.org/news.html
- many bug fixed upstream
[2.6.31-2]
- Autorebuild for GCC 4.3
[2.6.31-1.fc9]
- upstream release 2.6.31 see http://xmlsoft.org/news.html
- many bug fixed upstream
[2.6.30-1]
- upstream release 2.6.30 see http://xmlsoft.org/news.html
- many bug fixed upstream
[2.6.29-1]
- upstream release 2.6.29 see http://xmlsoft.org/news.html
- many bug fixed upstream
[2.6.28-2]
- Bump revision to fix N-V-R problem
[2.6.28-1]
- upstream release 2.6.28 see http://xmlsoft.org/news.html
- many bug fixed upstream
[2.6.27-2]
- rebuild against python 2.5
[2.6.27-1]
- upstream release 2.6.27 see http://xmlsoft.org/news.html
- very large amount of bug fixes reported upstream
[2.6.26-2.1.1]
- rebuild
[2.6.26-2.1]
- rebuild
[2.6.26-2]
- fix bug #192873
[2.6.26-1]
- upstream release 2.6.26 see http://xmlsoft.org/news.html
- Tue Jun 06 2006 Daniel Veillard veillard@redhat.com
- upstream release 2.6.25 broken, do not ship !
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
libxml2
2.12.5-5.el10_0
libxml2-devel
2.12.5-5.el10_0
libxml2-static
2.12.5-5.el10_0
python3-libxml2
2.12.5-5.el10_0
Oracle Linux x86_64
libxml2
2.12.5-5.el10_0
libxml2-devel
2.12.5-5.el10_0
libxml2-static
2.12.5-5.el10_0
python3-libxml2
2.12.5-5.el10_0
Связанные CVE
Связанные уязвимости
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.1 ...