The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1242-1: xmltooling security update
Debian GNU/Linux 8 and 9:
DSA 4087-1: transmission security update
Debian GNU/Linux 7 LTS:
DLA 1242-1: xmltooling security update
Debian GNU/Linux 8 and 9:
DSA 4087-1: transmission security update
DLA 1242-1: xmltooling security update
Package : xmltooling
Version : 1.4.2-5+deb7u2
CVE ID : CVE-2018-0486
Philip Huppert discovered the Shibboleth service provider is vulnerable
to impersonation attacks and information disclosure due to mishandling
of DTDs in the XMLTooling XML parsing library. For additional details
please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20180112.txt
For Debian 7 "Wheezy", these problems have been fixed in version
1.4.2-5+deb7u2.
We recommend that you upgrade your xmltooling packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4087-1: transmission security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4087-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : transmission
CVE ID : not yet available
Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent
client; insecure RPC handling between the Transmission daemon and the
client interface(s) may result in the execution of arbitrary code if a
user visits a malicious website while Transmission is running.
For the oldstable distribution (jessie), this problem has been fixed
in version 2.84-0.2+deb8u1.
For the stable distribution (stretch), this problem has been fixed in
version 2.92-2+deb9u1.
We recommend that you upgrade your transmission packages.
For the detailed security status of transmission please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/transmission
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/