Description
ELSA-2013-0581: libxml2 security update (MODERATE)
[2.7.6-12.0.1.el6_4.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.7.6-12.el6_4.1]
- detect and stop excessive entities expansion upon replacement (rhbz#912574)
[2.7.6-12.el6]
- fix out of range heap access (CVE-2012-5134)
[2.7.6-11.el6]
- Change the XPath code to percolate allocation error (CVE-2011-1944)
[2.7.6-10.el6]
- Fix an off by one pointer access (CVE-2011-3102)
[2.7.6-9.el6]
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems (rhbz#843742)
- Fix entities local buffers size problems (rhbz#843742)
- Fix an error in previous commit (rhbz#843742)
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size (rhbz#843742)
- Impose a reasonable limit on comment size (rhbz#843742)
- Impose a reasonable limit on PI size (rhbz#843742)
- Cleanups and new limit APIs for dictionaries (rhbz#843742)
- Introduce some default parser limits (rhbz#843742)
- Implement some default limits in the XPath module
- Fixup limits parser (rhbz#843742)
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases (rhbz#843742)
- More avoid quadratic behaviour (rhbz#843742)
- Strengthen behaviour of the push parser in problematic situations (rhbz#843742)
- More fixups on the push parser behaviour (rhbz#843742)
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation
Updated packages
Oracle Linux 5
  Oracle Linux ia64
    libxml2          2.6.26-2.1.21.0.1.el5_9.1
    libxml2-devel    2.6.26-2.1.21.0.1.el5_9.1
    libxml2-python   2.6.26-2.1.21.0.1.el5_9.1
  Oracle Linux x86_64
    libxml2          2.6.26-2.1.21.0.1.el5_9.1
    libxml2-devel    2.6.26-2.1.21.0.1.el5_9.1
    libxml2-python   2.6.26-2.1.21.0.1.el5_9.1
  Oracle Linux i386
    libxml2          2.6.26-2.1.21.0.1.el5_9.1
    libxml2-devel    2.6.26-2.1.21.0.1.el5_9.1
    libxml2-python   2.6.26-2.1.21.0.1.el5_9.1
Oracle Linux 6
  Oracle Linux x86_64
    libxml2          2.7.6-12.0.1.el6_4.1
    libxml2-devel    2.7.6-12.0.1.el6_4.1
    libxml2-python   2.7.6-12.0.1.el6_4.1
    libxml2-static   2.7.6-12.0.1.el6_4.1
  Oracle Linux i686
    libxml2          2.7.6-12.0.1.el6_4.1
    libxml2-devel    2.7.6-12.0.1.el6_4.1
    libxml2-python   2.7.6-12.0.1.el6_4.1
    libxml2-static   2.7.6-12.0.1.el6_4.1
Related CVEs
Related vulnerabilities
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.