[security-announce] libxml2: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Nov 4 12:48:12 CET 2015



	Enea Linux Security Advisory

=========================================================
Product/package: libxml2
Severity: Medium
CVE Names: CVE-2015-7942
Layer: poky
=========================================================

This security update fixes a heap-based buffer overflow in
xmlParseConditionalSections().


Description
===========
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1276297

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456

Correction for Enea Linux:
http://git.enea.com/cgit/linux/poky.git/commit/?h=dizzy&id=bf6c30908948b7bc9be1206fe88c09dc3f526387


How to get the latest patches
=============================
- If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned the needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
# Set POKY on its own line so that $POKY expands in the commands below
POKY=Enea-Linux-5.0/poky
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C "$POKY/meta-enea" clone -b dizzy git://git.enea.com/linux/meta-vt.git


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
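
A check to run after the update steps above, added here as an example and not part of the Enea advisory: it confirms that the correction commit id quoted in the advisory is in the history of the checked-out poky branch. The function names has_fix and report_fix are hypothetical; the commit id and the Enea-Linux-5.0/poky path are the ones given in the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that a security fix commit
# is contained in the history of a local git checkout.

# Enea Linux correction commit id, as quoted in the advisory.
FIX_COMMIT=bf6c30908948b7bc9be1206fe88c09dc3f526387

# has_fix REPO COMMIT [REF]   (hypothetical helper name)
# Return codes:
#   0  COMMIT is an ancestor of REF (default HEAD): the fix is in the branch
#   1  COMMIT exists locally but is not in REF's history (or REF is invalid)
#   2  COMMIT object is not present: repo not updated, or wrong repository
#   3  REPO is not a usable git repository
has_fix() {
    repo=$1
    commit=$2
    ref=${3:-HEAD}
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 3
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    git -C "$repo" merge-base --is-ancestor "$commit" "$ref" 2>/dev/null && return 0
    return 1
}

# report_fix REPO COMMIT [REF]   (hypothetical helper name)
# Print a one-line verdict and pass the has_fix return code through.
report_fix() {
    rc=0
    has_fix "$1" "$2" "${3:-HEAD}" || rc=$?
    case $rc in
        0) echo "OK: $2 is included in ${3:-HEAD} of $1" ;;
        1) echo "MISSING: $2 is known but not in ${3:-HEAD}; check the branch" ;;
        2) echo "MISSING: $2 not found in $1; run 'git pull' first" ;;
        *) echo "ERROR: $1 is not a git repository" ;;
    esac
    return $rc
}

# Run only when a repository path is given, for example:
#   sh check_fix.sh Enea-Linux-5.0/poky
if [ "$#" -ge 1 ]; then
    report_fix "$1" "$FIX_COMMIT"
fi
```

A non-zero exit status makes the script usable as a gate in a build job before the image is rebuilt.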


