1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3430-1] libxml2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Dec 23 14:30:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3430-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libxml2
    CVE ID : CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498
    CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942
    CVE-2015-8035 CVE-2015-8241 CVE-2015-8317
    Debian Bug : 782782 782985 783010 802827 803942 806384

    Several vulnerabilities were discovered in libxml2, a library providing
    support to read, modify and write XML and HTML files. A remote attacker
    could provide a specially crafted XML or HTML file that, when processed
    by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or
    crash the application.

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 2.8.0+dfsg1-7+wheezy5.

    For the stable distribution (jessie), these problems have been fixed in
    version 2.9.1+dfsg1-5+deb8u1.

    For the testing distribution (stretch), these problems have been fixed
    in version 2.9.3+dfsg1-1 or earlier versions.

    For the unstable distribution (sid), these problems have been fixed in
    version 2.9.3+dfsg1-1 or earlier versions.

    We recommend that you upgrade your libxml2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWep78AAoJEAVMuPMTQ89E4woQAJn6zU515xEJPsS6VyCcXa8K 9FwfpWG7AE2aM4QcvNALBARGXzREv9/VjankMaZ7TCcCu545PCH984lKQGTve7Wy xcXCTfGAfhV1dsNT5TbD5FbQGNblFdtNEFzYe2K78XN4+YhaSfkgf8dMzc4ZTrlv +RqUNF04bYta6Fbk7dmkQLdU090AzdgYRo3D9B8ITRU/dX0VpPGdZYkXCCAdHcjZ oqtMM94ccSMGfAGYdv/MppA873ABCcrLctdJMe0o+FkK0aku59b7eDoegJTwLsgq R3Q/6lr3oRHPpQAUDOEluAKssKCAWfxDtFOTkV8nnZgeW0p7KT1xjLSeRzoJENVq 7iUHSvCHrJK/3OCwdIA46HCYnWHsOO6C0+GaPSxCqv8bS+ugZVHG5imltQEd389O ZSk0qfgh1p4tMDj9kQGX4w8HMu2+p7n0Y88ahIkeQLhJ/2Za5f9Q9vlFUe7G+hAa KEj7Uhy2hf9So5E0n1NWqiOTg+yHYFE1A3Xct9UCb3Ms59785UgXtuRmtkbKmwS2 Qq4ZuLkZnZ9ie4GjRjQ1ho8xOiu+52/Z1UaH3gzq/7mDVe824UO+Tp4tWGoLotR2 OOfUeB4rwxprdPqmhjLnwEqyv3LYjFxZp0kJuVCelkVWX/7iwM3pq5ywQN3pmBVz rMwAmJi8BkVrzA0E2vep
    =++B/
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)