Debian 9859 Published by

The following updates has been released for both Debian GNU/Linux 8 and 9:

DSA 4084-1: gifsicle security update
DSA 4085-1: xmltooling security update



DSA 4084-1: gifsicle security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4084-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gifsicle
CVE ID : CVE-2017-1000421

It was discovered that gifsicle, a tool for manipulating GIF image
files, contained a flaw that could lead to arbitrary code execution.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.86-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.88-3+deb9u1.

We recommend that you upgrade your gifsicle packages.

For the detailed security status of gifsicle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gifsicle

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4085-1: xmltooling security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4085-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xmltooling
CVE ID : CVE-2018-0486

Philip Huppert discovered the Shibboleth service provider is vulnerable
to impersonation attacks and information disclosure due to mishandling
of DTDs in the XMLTooling XML parsing library. For additional details
please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20180112.txt

For the oldstable distribution (jessie), this problem has been fixed
in version 1.5.3-2+deb8u2.

The stable distribution (stretch) is not affected.

We recommend that you upgrade your xmltooling packages.

For the detailed security status of xmltooling please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xmltooling

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/