Debian 10225 Published by

A smb4k update is available for Debian GNU/Linux 8:
DSA 3951-1: smb4k security update

and new libxml2 packages has been released for both Debian GNU/Linux 8 and 9:
DSA 3952-1: libxml2 security update



DSA 3951-1: smb4k security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-3951-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 22, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : smb4k
CVE ID : CVE-2017-8849

Sebastian Krahmer discovered that a programming error in the mount
helper binary of the Smb4k Samba network share browser may result in
local privilege escalation.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.2.1-2~deb8u1.

We recommend that you upgrade your smb4k packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 3952-1: libxml2 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-3952-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 23, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047
CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Debian Bug : 863018 863019 863021 863022 870865 870867 870870

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause a denial-of-service against
the application, information leaks, or potentially, the execution of
arbitrary code with the privileges of the user running the application.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.9.1+dfsg1-5+deb8u5.

For the stable distribution (stretch), these problems have been fixed in
version 2.9.4+dfsg1-2.2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.9.4+dfsg1-3.1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/