ELSA-2016-1292

Описание

[2.9.1-6.0.1.3]

• Update doc/redhat.gif in tarball
• Add libxml2-oracle-enterprise.patch and update logos in tarball

[libxml2-2.9.1-6.3]

• Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
• Bug 763071: Heap-buffer-overflow in xmlStrncat https://bugzilla.gnome.org/show_bug.cgi?id=763071 (CVE-2016-1834)
• Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup https://bugzilla.gnome.org/show_bug.cgi?id=757711 (CVE-2016-1840)
• Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal https://bugzilla.gnome.org/show_bug.cgi?id=758588 (CVE-2016-1838)
• Bug 758605: Heap-based buffer overread in xmlDictAddString https://bugzilla.gnome.org/show_bug.cgi?id=758605 (CVE-2016-1839)
• Bug 759398: Heap use-after-free in xmlDictComputeFastKey https://bugzilla.gnome.org/show_bug.cgi?id=759398 (CVE-2016-1836)
• Fix inappropriate fetch of entities content (CVE-2016-4449)
• Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
• Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
• Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
• Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
• Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
• Avoid building recursive entities (CVE-2016-3627)
• Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
• More format string warnings with possible format string vulnerability (CVE-2016-4448)