-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2122
                          libxml2 security update
                              23 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libxml2
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9050 CVE-2017-9049 CVE-2017-9048
                   CVE-2017-9047 CVE-2017-7376 CVE-2017-7375
                   CVE-2017-0663

Reference:         ASB-2017.0080

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3952

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3952-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 23, 2017                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047
                 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Debian Bug     : 863018 863019 863021 863022 870865 870867 870870

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause a denial-of-service against
the application, information leaks, or potentially, the execution of
arbitrary code with the privileges of the user running the application.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.9.1+dfsg1-5+deb8u5.

For the stable distribution (stretch), these problems have been fixed in
version 2.9.4+dfsg1-2.2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.9.4+dfsg1-3.1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----