MGASA-2015-0457

Updated libxml2 packages fix security vulnerabilities:

In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service (CVE-2015-5312).

In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to randomize the dictionary key generation, causing a heap buffer overflow in xmlDictComputeFastQKey (CVE-2015-7497).

In libxml2 before 2.9.3, after encoding conversion failures, the parser was continuing to process to extract more errors, which can potentially lead to unexpected behaviour (CVE-2015-7498).

In libxml2 before 2.9.3, the parser failed to detect a case where the current pointer to the input was out of range, leaving it in an incoherent state (CVE-2015-7499).

In libxml2 before 2.9.3, a memory access error could happen while processing a start tag due to incorrect entities boundaries (CVE-2015-7500).

In libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra processing of MarkupDecl after EOF has been reached (CVE-2015-8241).

In libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push mode (CVE-2015-8242).

In libxml2 before 2.9.3, out of bounds heap reads could happen due to failure processing the encoding declaration of the XMLDecl in xmlParseEncodingDecl (CVE-2015-8317).

In libxml2 before 2.9.3, out of bounds memory access via unclosed html comment (CVE-2015-8710).