-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1953-1                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
December 15, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : expat
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-3560
Debian Bug     : 560901
Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
For the old stable distribution (etch), this problem has been fixed in version 1.95.8-3.4+etch2.
For the stable distribution (lenny), this problem has been fixed in version 2.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed in version 2.0.1-6.
The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available.
We recommend that you upgrade your expat packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
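To confirm that the upgrade reached every host, installed versions can be compared with the fixed versions named above. The following is an added example, not part of the original advisory: it reimplements Debian's version ordering in Python so it can run over a collected inventory on a machine without dpkg. The names `FIXED`, `EXPAT_PKGS`, `SAMPLE` and `audit`, the inventory line format and the host names are assumptions made for the illustration.

```python
import re

# Fixed versions per release (from the advisory) and binary packages built from expat.
FIXED = {"etch": "1.95.8-3.4+etch2", "lenny": "2.0.1-4+lenny2",
         "squeeze": "2.0.1-6", "sid": "2.0.1-6"}
EXPAT_PKGS = re.compile(r"(expat|lib(64)?expat1(-dev|-udeb)?)$")
# Constructed sample inventory, one "host release package version" per line.
SAMPLE = """web01 lenny libexpat1 2.0.1-4
web02 lenny libexpat1 2.0.1-4+lenny2
db01 etch libexpat1 1.95.8-3.4+etch1
build01 squeeze libexpat1-dev 2.0.1-5
web03 lenny libxml2 2.6.32.dfsg-5"""

def _order(c):
    """Weight of one non-digit character: '~' < end of string < letters < the rest."""
    if c == "~":
        return -1
    return 0 if c == "" or c.isdigit() else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    """Compare two upstream or revision strings with dpkg's ordering rules."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        i, j = i + len(da), j + len(db)
        if int(da or 0) != int(db or 0):  # digit runs compare numerically
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare(a, b):
    """Return -1, 0 or 1 for Debian versions shaped [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        return (int(epoch), *(rest.rsplit("-", 1) if "-" in rest else (rest, "")))
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(inventory):
    """Return (host, package, installed, fixed) for expat packages below the fix."""
    rows = map(str.split, inventory.splitlines())
    return [(h, p, v, FIXED[r]) for h, r, p, v in rows
            if EXPAT_PKGS.match(p) and r in FIXED and compare(v, FIXED[r]) < 0]

print(*audit(SAMPLE), sep="\n")
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison directly.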
Debian GNU/Linux 4.0 alias etch (oldstable)
- -------------------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLJ++jbxelr8HyTqQRAne2AJ0XhVqrv1+W8I5uFhFjeybYIrvTAwCgoWfG
FASZTGkJPeI/o5ja76ls01w=
=XgUm
-----END PGP SIGNATURE-----