[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Stretch openstack images updated to version 9.1.3-20170825

Just released, including security updates:


Updates in 1 source package(s), 2 binary package(s):

  Source libxml2, binaries: libxml2:amd64 libxml2:arm64  
  libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high
    * Non-maintainer upload by the Security Team.
    * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
      Incorrect limit was used for port values. (Closes: #870865)
    * Prevent unwanted external entity reference (CVE-2017-7375)
      Missing validation for external entities in xmlParsePEReference.
      (Closes: #870867)
    * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
      - Heap-based buffer over-read in function xmlDictComputeFastKey
      - Heap-based buffer over-read in function xmlDictAddString
      (Closes: #863019, #863018)
    * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
      - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
      - Stack-based buffer overflow in function xmlSnprintfElementContent
      (Closes: #863022, #863021)
    * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
      Heap buffer overflow in xmlAddID. (Closes: #870870)

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"You can't barbecue lettuce!" -- Ellie Crane

Attachment: signature.asc
Description: PGP signature

Reply to: