The following two updates has been released for Debian GNU/Linux 7 LTS:
DLA 1060-1: libxml2 security update
DLA 1061-1: newsbeuter security update
DLA 1060-1: libxml2 security update
DLA 1061-1: newsbeuter security update
DLA 1060-1: libxml2 security update
Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy9
CVE ID : CVE-2017-0663 CVE-2017-7376
CVE-2017-0663
Invalid casting of different structs could enable an attacker to
remotely execute some code within the context of an unprivileged
process.
CVE-2017-7376
Incorrect limit used for port values.
For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy9.
We recommend that you upgrade your libxml2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1061-1: newsbeuter security update
Package : newsbeuter
Version : 2.5-2+deb7u2
CVE ID : CVE-2017-12904
Jeriko One discovered that newsbeuter, a text-mode RSS feed reader,
did not properly escape the title and description of a news article
when bookmarking it. This allowed a remote attacker to run an
arbitrary shell command on the client machine.
For Debian 7 "Wheezy", these problems have been fixed in version
2.5-2+deb7u2.
We recommend that you upgrade your newsbeuter packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
