-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3952-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 23, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libxml2 CVE ID : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 Debian Bug : 863018 863019 863021 863022 870865 870867 870870 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, information leaks, or potentially, the execution of arbitrary code with the privileges of the user running the application. For the oldstable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u1. For the unstable distribution (sid), these problems have been fixed in version 2.9.4+dfsg1-3.1. We recommend that you upgrade your libxml2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmdClhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RTNA/6A14KBoqfAomcDn0clLxX6jvlmFlHuiYxZPKSLZmyLAWVSNzF+DdpBFZZ bneTYYbjHvi8A7ESuAp7L7mmEERe3XM3NV5aNNe0FZwh3+DY8RCrn82rqNoGgeP6 hzoMTvZr6WZXKjbAiVpCDxzH/o/6/xlPIb6yzUQgHlgPrj3QfHWpamS2hOT+Pfj+ WO3T51TRU3PDaL6J9VgYk9lcAD+DlDtdHDszsq4Jupp8oG4Bu+lf8L8in2bkfOB4 xYqACwXb+BoIkCHZbn+sroe1HnMqfDPV59tm7Sq95ZIaB9SoJZBnx7R0jTUv+ogS rvTT+C2sXlH8Qx+xBbMxBU7a2W1zsdQMqfW4cSARA7Fs25Owv44W9N6JGumM/y1z Mj5tcPXittRHbcLVI/jNxNyM1BQeQup93hf3LWAr8Q8g9/2KN8mqC5Z4pbAJ+UV2 sI29w1IUC1Rovj048FI/nutktcbzuzStykIrp9exKmjTvEmw2CZv4kq9IjhGvJqj MIKIzmSrK/ZLILlPgXNCW9bqDlqOjzDFaKOPQ8tM8FcB+Zuk8mwR8TrnMQ6Y/qQo wKCx6aBjyvIEAkO2oBAAycMP8T5SO6rJCCF7mUb83Cc3UNvj6eYw1s9Cg+EDnrE9 HDU/xTJrXYB0mqqi+KLXnMAQNGfa188/5KKHBzBnVSJNS0UJhxA= =+EgK -----END PGP SIGNATURE-----