Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.58. libxml2

Updated libxml2 packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
The libxml2 software library is used to manipulate XML files. It includes support to read, modify and write XML and HTML files. It is also the basis for the libxslt library which processes XSLT-1.0 stylesheets.

Bug Fixes

BZ#915350
Due to errors in the internal regular expression support, libxml2 sometimes failed when validating XMLs with certain XSD and Relax-NG files. Currently, the relaxng and xmlregexp codes are modified and libxml2 can now validate XMLs with those specific XSD and Relax-NG files.
BZ#915837
Previously, an internal routine xmlDOMWrapCloneNode would fail to preserve the namespace of an XML element being copied, which caused the namespace of the parameter node to be omitted from the copy. With this update, the problem no longer occurs.
Users of libxml2 parser are advised to upgrade to these updated packages, which fix these bugs.
Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,is available from the CVE link associated with the description below.
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix

CVE-2013-0338
A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption.
All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Updated libxml2 packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The libxml2 software library is used to manipulate XML files. Among the operations allowed, it can validate XML files against XML Schematics.

Bug Fix

BZ#987321
This update fixes a regression that was introduced by the RHBA-2013:0591 advisory. This regression added a flaw in the XML schema compilation process. This flaw caused libxml2 to fail to compile some XML schemas, indicating that they had a non-deterministic content model. The broken code is now fixed, so libxml2 can compile those schemas and validate XMLs as expected.
Users of libxml2 are advised to upgrade to these updated packages, which fix this regression. The desktop must be restarted (log out, then log back in) for this update to take effect.