Errata overview
Errata ID 524
Date 2018-10-04
Source package libxml2
Fixed in version 2.9.1+dfsg1-5+deb8u7A~
This update addresses the following issues:
* denial of service in xz_head function in xzlib.c (CVE-2017-18258)
* NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow
  attackers to cause a denial of service (CVE-2018-14404)
* Infinite loop when --with-lzma is used allows for denial of service via
  crafted XML file (CVE-2018-14567)
Additional notes
CVE ID CVE-2017-18258
UCS Bug number #47887