
[SECURITY] [DLA 1524-1] libxml2 security update




Package        : libxml2
Version        : 2.9.1+dfsg1-5+deb8u7
CVE ID         : CVE-2017-18258 CVE-2018-9251 CVE-2018-14404
                 CVE-2018-14567


CVE-2018-14404
     Fix of a NULL pointer dereference which might result in a crash and
     thus in a denial of service.

CVE-2018-14567 and CVE-2018-9251
     Improvement in LZMA error handling which prevents an infinite loop.

CVE-2017-18258
     Limit available memory to 100MB to avoid excessive memory
     consumption by malicious files.


For Debian 8 "Jessie", these problems have been fixed in version
2.9.1+dfsg1-5+deb8u7.

We recommend that you upgrade your libxml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


