[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3952-1] libxml2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3952-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 23, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047
                 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Debian Bug     : 863018 863019 863021 863022 870865 870867 870870

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause a denial-of-service against
the application, information leaks, or potentially, the execution of
arbitrary code with the privileges of the user running the application.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.9.1+dfsg1-5+deb8u5.

For the stable distribution (stretch), these problems have been fixed in
version 2.9.4+dfsg1-2.2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.9.4+dfsg1-3.1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmdClhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RTNA/6A14KBoqfAomcDn0clLxX6jvlmFlHuiYxZPKSLZmyLAWVSNzF+DdpBFZZ
bneTYYbjHvi8A7ESuAp7L7mmEERe3XM3NV5aNNe0FZwh3+DY8RCrn82rqNoGgeP6
hzoMTvZr6WZXKjbAiVpCDxzH/o/6/xlPIb6yzUQgHlgPrj3QfHWpamS2hOT+Pfj+
WO3T51TRU3PDaL6J9VgYk9lcAD+DlDtdHDszsq4Jupp8oG4Bu+lf8L8in2bkfOB4
xYqACwXb+BoIkCHZbn+sroe1HnMqfDPV59tm7Sq95ZIaB9SoJZBnx7R0jTUv+ogS
rvTT+C2sXlH8Qx+xBbMxBU7a2W1zsdQMqfW4cSARA7Fs25Owv44W9N6JGumM/y1z
Mj5tcPXittRHbcLVI/jNxNyM1BQeQup93hf3LWAr8Q8g9/2KN8mqC5Z4pbAJ+UV2
sI29w1IUC1Rovj048FI/nutktcbzuzStykIrp9exKmjTvEmw2CZv4kq9IjhGvJqj
MIKIzmSrK/ZLILlPgXNCW9bqDlqOjzDFaKOPQ8tM8FcB+Zuk8mwR8TrnMQ6Y/qQo
wKCx6aBjyvIEAkO2oBAAycMP8T5SO6rJCCF7mUb83Cc3UNvj6eYw1s9Cg+EDnrE9
HDU/xTJrXYB0mqqi+KLXnMAQNGfa188/5KKHBzBnVSJNS0UJhxA=
=+EgK
-----END PGP SIGNATURE-----


Reply to: