
Jessie openstack image updated to version 8.9.3-20170825



Just released, including a security update:

8.9.3-20170825

Updates in 1 source package(s), 1 binary package(s):

  Source libxml2, binaries: libxml2:amd64  
  libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
      Incorrect limit was used for port values. (Closes: #870865)
    * Prevent unwanted external entity reference (CVE-2017-7375)
      Missing validation for external entities in xmlParsePEReference.
      (Closes: #870867)
    * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
      - Heap-based buffer over-read in function xmlDictComputeFastKey
        (CVE-2017-9049).
      - Heap-based buffer over-read in function xmlDictAddString
        (CVE-2017-9050).
      (Closes: #863019, #863018)
    * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
      CVE-2017-9048)
      - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
      - Stack-based buffer overflow in function xmlSnprintfElementContent
        (CVE-2017-9048).
      (Closes: #863022, #863021)
    * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
      Heap buffer overflow in xmlAddID. (Closes: #870870)

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Google-bait:       http://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.
