| Errata ID | 524 |
|---|---|
| Date | 2018-10-04 |
| Source package | libxml2 |
| Fixed in version | 2.9.1+dfsg1-5+deb8u7A~4.2.5.201810011416 |
| Description | This update addresses the following issues: * denial of service in xz_head function in xzlib.c (CVE-2017-18258) * NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service (CVE-2018-14404) * Infinite loop when --with-lzma is used allows for denial of service via crafted XML file (CVE-2018-14567) |
| Additional notes | |
| CVE ID | CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 |
| UCS Bug number | #47887 |
