Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in libxml2
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in libxml2
ID: FEDORA-2017-a3a47973eb
Distribution: Fedora
Plattformen: Fedora 25
Datum: Mi, 19. April 2017, 12:55
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
Applikationen: libxml2

Originalnachricht

 
--------------------------------------------------------------------------------


Fedora Update Notification

FEDORA-2017-a3a47973eb

2017-04-19 03:08:24.317130

--------------------------------------------------------------------------------




Name        : libxml2

Product     : Fedora 25

Version     : 2.9.4

Release     : 2.fc25

URL         : http://xmlsoft.org/

Summary     : Library providing XML and HTML support

Description :

This library allows to manipulate XML files. It includes support

to read, modify and write XML and HTML files. There is DTDs support

this includes parsing and validation even with complex DtDs, either

at parse time or later once the document has been modified. The output

can be a simple SAX stream or and in-memory DOM like representations.

In this case one can use the built-in XPath and XPointer implementation

to select sub nodes or ranges. A flexible Input/Output mechanism is

available, with existing HTTP and FTP modules and combined to an

URI library.



--------------------------------------------------------------------------------


Update Information:



Update to latest upstream release, includes several security related fixes.

--------------------------------------------------------------------------------


References:



  [ 1 ] Bug #1395609 - CVE-2016-9318 libxml2: XML External Entity
 vulnerability

        https://bugzilla.redhat.com/show_bug.cgi?id=1395609

  [ 2 ] Bug #1384424 - CVE-2016-4658 libxml2: Use after free via namespace node
 in XPointer ranges

        https://bugzilla.redhat.com/show_bug.cgi?id=1384424

  [ 3 ] Bug #1358641 - CVE-2016-5131 chromium-browser: use-after-free in
 libxml

        https://bugzilla.redhat.com/show_bug.cgi?id=1358641

  [ 4 ] Bug #1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in
 xmlNextChar

        https://bugzilla.redhat.com/show_bug.cgi?id=1338711

  [ 5 ] Bug #1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in
 xmlStrncat

        https://bugzilla.redhat.com/show_bug.cgi?id=1338708

  [ 6 ] Bug #1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in
 xmlFAParserPosCharGroup

        https://bugzilla.redhat.com/show_bug.cgi?id=1338706

  [ 7 ] Bug #1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in
 xmlPArserPrintFileContextInternal

        https://bugzilla.redhat.com/show_bug.cgi?id=1338705

  [ 8 ] Bug #1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in
 xmlDictAddString

        https://bugzilla.redhat.com/show_bug.cgi?id=1338703

  [ 9 ] Bug #1338702 - CVE-2016-1836 libxml2: Heap use-after-free in
 xmlDictComputeFastKey

        https://bugzilla.redhat.com/show_bug.cgi?id=1338702

  [ 10 ] Bug #1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities
 content

        https://bugzilla.redhat.com/show_bug.cgi?id=1338701

  [ 11 ] Bug #1338700 - CVE-2016-4448 libxml2: Format string vulnerability

        https://bugzilla.redhat.com/show_bug.cgi?id=1338700

  [ 12 ] Bug #1338696 - CVE-2016-1837 libxml2: Heap use-after-free in
 htmlPArsePubidLiteral and htmlParseSystemiteral

        https://bugzilla.redhat.com/show_bug.cgi?id=1338696

  [ 13 ] Bug #1338691 - CVE-2016-1835 libxml2: Heap use-after-free in
 xmlSAX2AttributeNs

        https://bugzilla.redhat.com/show_bug.cgi?id=1338691

  [ 14 ] Bug #1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due
 to xmlParseName

        https://bugzilla.redhat.com/show_bug.cgi?id=1338686

  [ 15 ] Bug #1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in
 htmlCurrentChar

        https://bugzilla.redhat.com/show_bug.cgi?id=1338682

--------------------------------------------------------------------------------




This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade libxml2' at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label



All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung