This update for libxml2 fixes the following security issues:
CVE-2018-9251: The xzdecomp function allowed remote attackers to cause a
denial of service (infinite loop) via a crafted XML file that triggers
LZMAMEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279).
CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML
file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint
(bsc#1105166).
CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval()
function when parsing an invalid XPath expression in the XPATHOPAND or
XPATHOPOR case leading to a denial of service attack (bsc#1102046).
CVE-2017-18258: The xz_head function allowed remote attackers to cause a
denial of service (memory consumption) via a crafted LZMA file, because the
decoder functionality did not restrict memory usage to what is required for a
legitimate file (bsc#1088601).