
[SECURITY] [DLA 1194-1] libxml2 security update




Package        : libxml2
Version        : 2.8.0+dfsg1-7+wheezy11
CVE ID         : CVE-2017-16931 CVE-2017-16932


CVE-2017-16931
     parser.c in libxml2 before 2.9.5 mishandles parameter-entity
     references because the NEXTL macro calls the
     xmlParserHandlePEReference function in the case of a '%' character
     in a DTD name.

CVE-2017-16932
     parser.c in libxml2 before 2.9.5 does not prevent infinite
     recursion in parameter entities.


For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy11.

We recommend that you upgrade your libxml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


