[ubuntu-cloud-archive/mitaka-proposed] libxml2 (Accepted)

Ryan Beisner ryan.beisner at canonical.com
Wed Sep 27 21:23:48 UTC 2017


 libxml2 (2.9.3+dfsg1-1ubuntu0.3~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 libxml2 (2.9.3+dfsg1-1ubuntu0.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: type confusion leading to out-of-bounds write
     - debian/patches/CVE-2017-0663.patch: eliminate cast
     - CVE-2017-0663
   * SECURITY UPDATE: XML external entity (XXE) vulnerability
     - debian/patches/CVE-2017-7375.patch: add validation for parsed
       entity references
     - CVE-2017-7375
   * SECURITY UPDATE: buffer overflow in URL handling
     - debian/patches/CVE-2017-7376.patch: allocate enough memory for
       ports in HTTP redirect support
     - CVE-2017-7376
   * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
     - debian/patches/CVE-2017-9047-9048.patch: ensure enough space
       remains in buffer for copied data
     - CVE-2017-9047, CVE-2017-9048
   * SECURITY UPDATE: heap-based buffer overreads in
     xmlDictComputeFastKey()
     - debian/patches/CVE-2017-9049-9050.patch: drop unnecessary
       expansions, add additional sanity check
     - CVE-2017-9049, CVE-2017-9050

Date: Tue, 19 Sep 2017 12:05:13 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Ryan Beisner <ryan.beisner at canonical.com>

