Debian 10228 Published by

The following two updates are available for Debian 6 LTS:

[DLA 373-1] libxml2 security update
[DLA 374-1] cacti security update



[DLA 373-1] libxml2 security update

Package : libxml2
Version : 2.7.8.dfsg-2+squeeze16
CVE ID : CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499
CVE-2015-7500

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive information, or
crash the application.

CVE-2015-5312: CPU exhaustion when processing specially crafted XML input.
CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey.
CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl.
CVE-2015-7499: Heap-based buffer overflow in xmlGROW.
CVE-2015-7500: Heap buffer overflow in xmlParseMisc.

[DLA 374-1] cacti security update

Package : cacti
Version : 0.8.7g-1+squeeze9+deb6u11
CVE IDs : CVE-2015-8369 CVE-2015-8377
Debian Bug : 807599

It was discovered that there were SQL injection vulnerabilities in
cacti, a web interface for graphing of monitoring systems.

For Debian 6 Squeeze, this issue has been fixed in cacti version
0.8.7g-1+squeeze9+deb6u11.