[ubuntu/xenial-security] libxml2 2.9.3+dfsg1-1ubuntu0.3 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Mon Sep 18 23:57:06 UTC 2017
libxml2 (2.9.3+dfsg1-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: type confusion leading to out-of-bounds write
- debian/patches/CVE-2017-0663.patch: eliminate cast
- CVE-2017-0663
* SECURITY UPDATE: XML external entity (XXE) vulnerability
- debian/patches/CVE-2017-7375.patch: add validation for parsed
entity references
- CVE-2017-7375
* SECURITY UPDATE: buffer overflow in URL handling
- debian/patches/CVE-2017-7376.patch: allocate enough memory for
ports in HTTP redirect support
- CVE-2017-7376
* SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
- debian/patches/CVE-2017-9047-9048.patch: ensure enough space
remains in buffer for copied data
- CVE-2017-9047, CVE-2017-9048
* SECURITY UPDATE: heap based buffer overreads in
xmlDictComputeFastKey()
- debian/patches/CVE-2017-9049-9050.patch: drop uneccessary
expansions, add additional sanity check
- CVE-2017-9049, CVE-2017-9050
Date: 2017-09-16 00:12:24.882876+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list