Security update for libxml2
libxml2 was updated to fix security issues and a regression from the last version update.
Security issues fixed:
- CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in recovery mode (bnc#972335).
- CVE-2016-3705: Improved protection against the Billion Laughs Attack (bnc#975947).
Regression fixed:
- Fixed XML push parser that fails with bogus UTF-8 encoding error when
multi-byte character in large CDATA section is split across
buffer [bnc#962796]
-
Submitted by
Kristyna Streitova (kstreitova)
Fixed bugs
bnc#962796
openSUSE-SU-2016:0106-1 breaks xml parsing with: Input is not proper UTF-8, indicate encoding
bnc#972335
VUL-0: CVE-2016-3627: libxml2: stack exhaustion while parsing xml files in recovery mode
bnc#975947
VUL-0: CVE-2016-3705: libxml2: crash in xml validator (parser)
