
The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1242-1: xmltooling security update

Debian GNU/Linux 8 and 9:
DSA 4087-1: transmission security update



DLA 1242-1: xmltooling security update




Package : xmltooling
Version : 1.4.2-5+deb7u2
CVE ID : CVE-2018-0486

Philip Huppert discovered the Shibboleth service provider is vulnerable
to impersonation attacks and information disclosure due to mishandling
of DTDs in the XMLTooling XML parsing library. For additional details
please refer to the upstream advisory at

https://shibboleth.net/community/advisories/secadv_20180112.txt

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.2-5+deb7u2.

We recommend that you upgrade your xmltooling packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4087-1: transmission security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4087-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 14, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : transmission
CVE ID : not yet available

Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent
client; insecure RPC handling between the Transmission daemon and the
client interface(s) may result in the execution of arbitrary code if a
user visits a malicious website while Transmission is running.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.84-0.2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2.92-2+deb9u1.

We recommend that you upgrade your transmission packages.

For the detailed security status of transmission please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/transmission

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/