Security update for libxml2
This update for libxml2 fixes the following issues:
* CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544]
* Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
* CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497).
For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files
and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Simon Lees (simotek)
Fixed bugs
bnc#1013930
L3: VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability - Request for patch for SLES 11 SP3 LTSS x86_64
bnc#1005544
VUL-0: CVE-2016-4658: libxml2: Use after free via namespace node in XPointer ranges
bnc#1010675
VUL-0: CVE-2016-9318: libxml2: XML External Entity vulnerability
bnc#1014873
Bug/Security fix request for SLES 11 SP3 LTSS: libxml2
bnc#1017497
VUL-0: CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file
