drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in expat (Aktualisierung)
| Name: |
Denial of Service in expat (Aktualisierung) |
|
| ID: |
MDVSA-2009:316-3 |
|
| Distribution: |
Mandriva |
|
| Plattformen: |
Mandriva 2008.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0 |
|
| Datum: |
So, 10. Januar 2010, 15:04 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
https://bugzilla.novell.com/show_bug.cgi?id=566434 |
|
| Update von: |
Denial of Service in expat |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1263132030-24326-3289
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:316-3
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : January 10, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in expat:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
This update provides a solution to these vulnerabilities.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Update:
The previous (MDVSA-2009:316-2) updates provided packages for
2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased
release number which prevented the packages from hitting the mirrors.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
https://bugzilla.novell.com/show_bug.cgi?id=566434
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
13774ef90c141db6326c7262d3c320c8
2008.0/i586/expat-2.0.1-4.3mdv2008.0.i586.rpm
8cc403e46d7b6c5239763ccef3ac97f6
2008.0/i586/libexpat1-2.0.1-4.3mdv2008.0.i586.rpm
97e7266c3a2bdd6b1e2b3b3046904c98
2008.0/i586/libexpat1-devel-2.0.1-4.3mdv2008.0.i586.rpm
00f546038b5b8efae7e7cbfaa806dae8
2008.0/SRPMS/expat-2.0.1-4.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
bfe2cc21ead72b18a505ac13d3b0857c
2008.0/x86_64/expat-2.0.1-4.3mdv2008.0.x86_64.rpm
dac863ff59aed4282ae59e321f203f93
2008.0/x86_64/lib64expat1-2.0.1-4.3mdv2008.0.x86_64.rpm
37d732528c186489897ecdf7f9585cb8
2008.0/x86_64/lib64expat1-devel-2.0.1-4.3mdv2008.0.x86_64.rpm
00f546038b5b8efae7e7cbfaa806dae8
2008.0/SRPMS/expat-2.0.1-4.3mdv2008.0.src.rpm
Mandriva Linux 2009.0:
1b5e3348c1bbe4ecdbe2d171dbc92f2a
2009.0/i586/expat-2.0.1-7.3mdv2009.0.i586.rpm
d4df428ea77983271d7c31f9bce59669
2009.0/i586/libexpat1-2.0.1-7.3mdv2009.0.i586.rpm
0d0802d87eb78bc64f3ca8195d7cc17b
2009.0/i586/libexpat1-devel-2.0.1-7.3mdv2009.0.i586.rpm
6508d5fba047cf35b6d61259266b82ed
2009.0/SRPMS/expat-2.0.1-7.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
765f5d35b0e1b4ff33d426dc79296851
2009.0/x86_64/expat-2.0.1-7.3mdv2009.0.x86_64.rpm
0905a279e62d648abaa025dec1f262eb
2009.0/x86_64/lib64expat1-2.0.1-7.3mdv2009.0.x86_64.rpm
2562ec57be33f72dbaa5d04cd4a3e566
2009.0/x86_64/lib64expat1-devel-2.0.1-7.3mdv2009.0.x86_64.rpm
6508d5fba047cf35b6d61259266b82ed
2009.0/SRPMS/expat-2.0.1-7.3mdv2009.0.src.rpm
Mandriva Linux 2009.1:
fe1d2d61e0447990a8fea4e133f1c0d1
2009.1/i586/expat-2.0.1-8.3mdv2009.1.i586.rpm
ee800d042612c90ac48004d026d87e18
2009.1/i586/libexpat1-2.0.1-8.3mdv2009.1.i586.rpm
8a556a2c5bcd40d1160fb86d3b24ad93
2009.1/i586/libexpat1-devel-2.0.1-8.3mdv2009.1.i586.rpm
591ceb30bbc21cce048c04d5f67cc3d7
2009.1/SRPMS/expat-2.0.1-8.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
7532d0529c362180c9a1a8fd206f13fd
2009.1/x86_64/expat-2.0.1-8.3mdv2009.1.x86_64.rpm
6b7a604d8c15a39c59bf04e7f26bb90e
2009.1/x86_64/lib64expat1-2.0.1-8.3mdv2009.1.x86_64.rpm
adc29880c73da313bc69d23085963dcd
2009.1/x86_64/lib64expat1-devel-2.0.1-8.3mdv2009.1.x86_64.rpm
591ceb30bbc21cce048c04d5f67cc3d7
2009.1/SRPMS/expat-2.0.1-8.3mdv2009.1.src.rpm
Mandriva Linux 2010.0:
eb556df9f00d67acd20a0b3a4d21f487
2010.0/i586/expat-2.0.1-10.2mdv2010.0.i586.rpm
3f2fe4b31ef2e572aa0f103cec4cac02
2010.0/i586/libexpat1-2.0.1-10.2mdv2010.0.i586.rpm
7787b1cfae235d1146ead95c67240832
2010.0/i586/libexpat1-devel-2.0.1-10.2mdv2010.0.i586.rpm
91c4034ba57643ad09893ee550b124fb
2010.0/SRPMS/expat-2.0.1-10.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
339cbedef9d61586aa4bdef40801db0d
2010.0/x86_64/expat-2.0.1-10.2mdv2010.0.x86_64.rpm
95067327674b3752b6166e631e6c0c54
2010.0/x86_64/lib64expat1-2.0.1-10.2mdv2010.0.x86_64.rpm
9d327cfab29a197b2f2910259ca1f421
2010.0/x86_64/lib64expat1-devel-2.0.1-10.2mdv2010.0.x86_64.rpm
91c4034ba57643ad09893ee550b124fb
2010.0/SRPMS/expat-2.0.1-10.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
0c1e5ed2e68540b127707df985eaa9b2 mes5/i586/expat-2.0.1-7.3mdvmes5.i586.rpm
969c2c861d178394615eba9bd786a2d1
mes5/i586/libexpat1-2.0.1-7.3mdvmes5.i586.rpm
4668e05cf61f067112e4c55f2c864f76
mes5/i586/libexpat1-devel-2.0.1-7.3mdvmes5.i586.rpm
cb94fe0c73aa6140abcf05b277a438d2 mes5/SRPMS/expat-2.0.1-7.3mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
5a1624a1c856992f50a38efa739f5987
mes5/x86_64/expat-2.0.1-7.3mdvmes5.x86_64.rpm
bfb6d7058cf6d4930db4362576839281
mes5/x86_64/lib64expat1-2.0.1-7.3mdvmes5.x86_64.rpm
b314bdc8eabfb001be798e0a382996f3
mes5/x86_64/lib64expat1-devel-2.0.1-7.3mdvmes5.x86_64.rpm
cb94fe0c73aa6140abcf05b277a438d2 mes5/SRPMS/expat-2.0.1-7.3mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLSa6LmqjQ0CJFipgRAismAJwNAoq62MoQe6algI6ORpj32M13EQCfSyOt
LnDKMlnXZBjDtSA1Vggis7E=
=TrDH
-----END PGP SIGNATURE-----
------------=_1263132030-24326-3289
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
------------=_1263132030-24326-3289--
|
|
|
|
