Login
Newsletter
Werbung

Sicherheit: Denial of Service in expat
Aktuelle Meldungen Distributionen
Name: Denial of Service in expat
ID: MDVSA-2009:316
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Datum: Sa, 5. Dezember 2009, 16:24
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
Applikationen: expat

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260026673-24326-1657


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:316
http://www.mandriva.com/security/
_______________________________________________________________________

Package : expat
Date : December 5, 2009
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in expat:

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update provides a solution to these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
9108b905fb1da6ed2fa0f83a0c386641
2008.0/i586/expat-2.0.1-4.2mdv2008.0.i586.rpm
f204a06346e382581b0d3f3301ffadd3
2008.0/i586/libexpat1-2.0.1-4.2mdv2008.0.i586.rpm
ab9269a6452f0191d17b88a7cae90949
2008.0/i586/libexpat1-devel-2.0.1-4.2mdv2008.0.i586.rpm
6363348acd6f5f6f0fa5c4aa61a6ebbd
2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
03e2988fe55ecd7c7888cdb87ca9e779
2008.0/x86_64/expat-2.0.1-4.2mdv2008.0.x86_64.rpm
8322f60c8e9ac7f21243b220951d52ec
2008.0/x86_64/lib64expat1-2.0.1-4.2mdv2008.0.x86_64.rpm
7433c14fc17e7c5eaf177c002cc1d75c
2008.0/x86_64/lib64expat1-devel-2.0.1-4.2mdv2008.0.x86_64.rpm
6363348acd6f5f6f0fa5c4aa61a6ebbd
2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

Mandriva Linux 2009.0:
a3406f038312e930bcf6e37591cf872a
2009.0/i586/expat-2.0.1-7.2mdv2009.0.i586.rpm
15a6e0faa82f77c0a29b9db9abbb8930
2009.0/i586/libexpat1-2.0.1-7.2mdv2009.0.i586.rpm
7d6e768b90064aed25977f3fa66a86a8
2009.0/i586/libexpat1-devel-2.0.1-7.2mdv2009.0.i586.rpm
778a521e0fe9de8444aebbea544aaceb
2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
7cffc848d7c1018ef8cf2f6ead9c56c7
2009.0/x86_64/expat-2.0.1-7.2mdv2009.0.x86_64.rpm
314b0c2ee406f43fa2d48edccb40465d
2009.0/x86_64/lib64expat1-2.0.1-7.2mdv2009.0.x86_64.rpm
eeda32bc03d649fe1c1975433532c78d
2009.0/x86_64/lib64expat1-devel-2.0.1-7.2mdv2009.0.x86_64.rpm
778a521e0fe9de8444aebbea544aaceb
2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
1700ce9cfb27620758d354d996433e76
2009.1/i586/expat-2.0.1-8.2mdv2009.1.i586.rpm
517a6e6356a1fc05cea9a7a473ccfd61
2009.1/i586/libexpat1-2.0.1-8.2mdv2009.1.i586.rpm
38d04bf472e9d4008fb636149d25fbeb
2009.1/i586/libexpat1-devel-2.0.1-8.2mdv2009.1.i586.rpm
3e6ab6cdb43fff3547b4f24aab4ec82b
2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
0c0b11d85cac8a9f3da701e452acb6ad
2009.1/x86_64/expat-2.0.1-8.2mdv2009.1.x86_64.rpm
ac3512d4f42111bbee9987c5c93c7005
2009.1/x86_64/lib64expat1-2.0.1-8.2mdv2009.1.x86_64.rpm
fd409ba4722686326c9fe1d9db3ead42
2009.1/x86_64/lib64expat1-devel-2.0.1-8.2mdv2009.1.x86_64.rpm
3e6ab6cdb43fff3547b4f24aab4ec82b
2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

Mandriva Linux 2010.0:
d9a3e00019a7a0486f22988ba923b22f
2010.0/i586/expat-2.0.1-10.1mdv2010.0.i586.rpm
bdcf6e26502cde43c8239de13841afb2
2010.0/i586/libexpat1-2.0.1-10.1mdv2010.0.i586.rpm
cd58e1d189212d7b54dc1fda48aa915c
2010.0/i586/libexpat1-devel-2.0.1-10.1mdv2010.0.i586.rpm
c7a0caabeee91810964149052325fc41
2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
520af61cc436ac5fcef44464e41467e8
2010.0/x86_64/expat-2.0.1-10.1mdv2010.0.x86_64.rpm
42198ace124689b5303611d03974d2a3
2010.0/x86_64/lib64expat1-2.0.1-10.1mdv2010.0.x86_64.rpm
42bb51a93dfd026f91c7c4181f53988b
2010.0/x86_64/lib64expat1-devel-2.0.1-10.1mdv2010.0.x86_64.rpm
c7a0caabeee91810964149052325fc41
2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

Corporate 3.0:
b6aaa4059149ce789b85618334255c76
corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
f4a9f6fb4d3e53446ef059fbe3b93bdd
corporate/3.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
b9d823b63878bb690dc9fddac1ca2a61
corporate/3.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm
43e083dc87a85e530d7f8206102e1eac
corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
44e65c80d7feb44d67c2e8a168595f66
corporate/3.0/x86_64/expat-1.95.6-4.2.C30mdk.x86_64.rpm
de22ad66c1d6b83a6c5310dd3e179927
corporate/3.0/x86_64/lib64expat0-1.95.6-4.2.C30mdk.x86_64.rpm
da53e544b02e14ed23096ce9a71353b9
corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.2.C30mdk.x86_64.rpm
43e083dc87a85e530d7f8206102e1eac
corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

Corporate 4.0:
a49316221d42e4a2cfe15b1788474e7b
corporate/4.0/i586/expat-1.95.8-1.2.20060mlcs4.i586.rpm
9e83fb9d0ca5799399ca5f10e92fb4cd
corporate/4.0/i586/libexpat0-1.95.8-1.2.20060mlcs4.i586.rpm
3d1a006b0039c30babe0407db5f26ee2
corporate/4.0/i586/libexpat0-devel-1.95.8-1.2.20060mlcs4.i586.rpm
2695cdbc0f4c8af7c8d6b89cf28675f8
corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
df66dc609fb70e7022c6c5aa8dcce5c9
corporate/4.0/x86_64/expat-1.95.8-1.2.20060mlcs4.x86_64.rpm
e9b731d1ef96d3f4cd7390596a97cd3a
corporate/4.0/x86_64/lib64expat0-1.95.8-1.2.20060mlcs4.x86_64.rpm
5e1a4cedad5e8d32eb1deabbbd6fa231
corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.2.20060mlcs4.x86_64.rpm
2695cdbc0f4c8af7c8d6b89cf28675f8
corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
4c7a80c4e63028d9c22feec7ea39863a mes5/i586/expat-2.0.1-7.2mdvmes5.i586.rpm
e3f6943d2fdc244cc6c320cef17398fe
mes5/i586/libexpat1-2.0.1-7.2mdvmes5.i586.rpm
9e049d963fd965626bf9423ef115b693
mes5/i586/libexpat1-devel-2.0.1-7.2mdvmes5.i586.rpm
7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
236584ced4908443a73c28912e01c643
mes5/x86_64/expat-2.0.1-7.2mdvmes5.x86_64.rpm
1e7646bc5048a8718d60a028a8d30fe2
mes5/x86_64/lib64expat1-2.0.1-7.2mdvmes5.x86_64.rpm
5b866d88e7846ab08b43858a84257b70
mes5/x86_64/lib64expat1-devel-2.0.1-7.2mdvmes5.x86_64.rpm
7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

Multi Network Firewall 2.0:
f8db54d55d92f95a176440a7a6978dae
mnf/2.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
c83ec9ece46500bcc652fb0a8c574fcf
mnf/2.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
02a342d1777e7bc726a3e294050a3c20
mnf/2.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm
4ec71f97401c195d2401225eac653560
mnf/2.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGktEmqjQ0CJFipgRArfUAKDUGfL7722MRKbLGCcBOvvAj8frfQCgxfyF
iTjKX+OouJ0dDURPsS6vJ24=
=NJfZ
-----END PGP SIGNATURE-----


------------=_1260026673-24326-1657
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260026673-24326-1657--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung