ELSA-2015-2550

Описание

[2.9.1-6.0.1.el7_1.2]

• Update doc/redhat.gif in tarball
• Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.9.1-6.2]

• Fix a series of CVEs (rhbz#1286496)
• CVE-2015-7941 Stop parsing on entities boundaries errors
• CVE-2015-7941 Cleanup conditional section error handling
• CVE-2015-8317 Fail parsing early on if encoding conversion failed
• CVE-2015-7942 Another variation of overflow in Conditional sections
• CVE-2015-7942 Fix an error in previous Conditional section patch
• Fix parsing short unclosed comment uninitialized access
• CVE-2015-7498 Avoid processing entities after encoding conversion failures
• CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
• CVE-2015-5312 Another entity expansion issue
• CVE-2015-7499 Add xmlHaltParser() to stop the parser
• CVE-2015-7499 Detect incoherency on GROW
• CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
• CVE-2015-8242 Buffer overead with HTML parser in push mode
• CVE-2015-1819 Enforce the reader to run in constant memory

[2.9.1-6]

• Fix missing entities after CVE-2014-3660 fix
• CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
• Fix regressions introduced by CVE-2014-0191 patch

[2.9.1-5.1]

• CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)