Heap-based buffer overflow was found in xmlParseXmlDecl. When conversion failure happens, parser continues to extract more errors which may lead to unexpected behaviour. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756527 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43
Acknowledgments: Name: the GNOME project Upstream: Kostya Serebryany
Upstream commit: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
This issue has been addressed in the following products: Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html