Denial of Service in expat
ID: FEDORA-2019-18868e1715
Distribution: Fedora
Platforms: Fedora 30
Date: Wed, 10 July 2019, 07:10
References: https://bugzilla.redhat.com/show_bug.cgi?id=1722224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
Applications: expat
Original message:
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-18868e1715
2019-07-10 00:51:11.941556
--------------------------------------------------------------------------------

Name        : expat
Product     : Fedora 30
Version     : 2.2.7
Release     : 1.fc30
URL         : https://libexpat.github.io/
Summary     : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

This update includes a fix for a security vulnerability, CVE-2018-20843:

> Fix extraction of namespace prefixes from XML names; XML names with multiple
> colons could end up in the wrong namespace, and take a high amount of RAM and
> CPU resources while processing, opening the door to use for denial-of-service
> attacks

For more information on the changes in 2.2.7, see the upstream release notes at:
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 27 2019 Joe Orton