Paketname
expat
Datum
2009-12-05
Advisory ID
MDVSA-2009:316
Betroffene Versionen
2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , MES5 i586 , 2008.0 i586 , 2009.1 x86_64 , CS4.0 i586 , MES5 x86_64

Problembeschreibung

A vulnerability has been found and corrected in expat:

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides a solution to these vulnerabilities.

Aktualisierte Pakete

2009.0 x86_64

 7cffc848d7c1018ef8cf2f6ead9c56c7  2009.0/x86_64/expat-2.0.1-7.2mdv2009.0.x86_64.rpm
 314b0c2ee406f43fa2d48edccb40465d  2009.0/x86_64/lib64expat1-2.0.1-7.2mdv2009.0.x86_64.rpm
 eeda32bc03d649fe1c1975433532c78d  2009.0/x86_64/lib64expat1-devel-2.0.1-7.2mdv2009.0.x86_64.rpm 
 778a521e0fe9de8444aebbea544aaceb  2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

CS4.0 x86_64

 df66dc609fb70e7022c6c5aa8dcce5c9  corporate/4.0/x86_64/expat-1.95.8-1.2.20060mlcs4.x86_64.rpm
 e9b731d1ef96d3f4cd7390596a97cd3a  corporate/4.0/x86_64/lib64expat0-1.95.8-1.2.20060mlcs4.x86_64.rpm
 5e1a4cedad5e8d32eb1deabbbd6fa231  corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.2.20060mlcs4.x86_64.rpm 
 2695cdbc0f4c8af7c8d6b89cf28675f8  corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

MNF2.0 i586

 f8db54d55d92f95a176440a7a6978dae  mnf/2.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
 c83ec9ece46500bcc652fb0a8c574fcf  mnf/2.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
 02a342d1777e7bc726a3e294050a3c20  mnf/2.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm 
 4ec71f97401c195d2401225eac653560  mnf/2.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

2010.0 x86_64

 520af61cc436ac5fcef44464e41467e8  2010.0/x86_64/expat-2.0.1-10.1mdv2010.0.x86_64.rpm
 42198ace124689b5303611d03974d2a3  2010.0/x86_64/lib64expat1-2.0.1-10.1mdv2010.0.x86_64.rpm
 42bb51a93dfd026f91c7c4181f53988b  2010.0/x86_64/lib64expat1-devel-2.0.1-10.1mdv2010.0.x86_64.rpm 
 c7a0caabeee91810964149052325fc41  2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

2010.0 i586

 d9a3e00019a7a0486f22988ba923b22f  2010.0/i586/expat-2.0.1-10.1mdv2010.0.i586.rpm
 bdcf6e26502cde43c8239de13841afb2  2010.0/i586/libexpat1-2.0.1-10.1mdv2010.0.i586.rpm
 cd58e1d189212d7b54dc1fda48aa915c  2010.0/i586/libexpat1-devel-2.0.1-10.1mdv2010.0.i586.rpm 
 c7a0caabeee91810964149052325fc41  2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

2009.1 i586

 1700ce9cfb27620758d354d996433e76  2009.1/i586/expat-2.0.1-8.2mdv2009.1.i586.rpm
 517a6e6356a1fc05cea9a7a473ccfd61  2009.1/i586/libexpat1-2.0.1-8.2mdv2009.1.i586.rpm
 38d04bf472e9d4008fb636149d25fbeb  2009.1/i586/libexpat1-devel-2.0.1-8.2mdv2009.1.i586.rpm 
 3e6ab6cdb43fff3547b4f24aab4ec82b  2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

2009.0 i586

 a3406f038312e930bcf6e37591cf872a  2009.0/i586/expat-2.0.1-7.2mdv2009.0.i586.rpm
 15a6e0faa82f77c0a29b9db9abbb8930  2009.0/i586/libexpat1-2.0.1-7.2mdv2009.0.i586.rpm
 7d6e768b90064aed25977f3fa66a86a8  2009.0/i586/libexpat1-devel-2.0.1-7.2mdv2009.0.i586.rpm 
 778a521e0fe9de8444aebbea544aaceb  2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

CS3.0 x86_64

 44e65c80d7feb44d67c2e8a168595f66  corporate/3.0/x86_64/expat-1.95.6-4.2.C30mdk.x86_64.rpm
 de22ad66c1d6b83a6c5310dd3e179927  corporate/3.0/x86_64/lib64expat0-1.95.6-4.2.C30mdk.x86_64.rpm
 da53e544b02e14ed23096ce9a71353b9  corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.2.C30mdk.x86_64.rpm 
 43e083dc87a85e530d7f8206102e1eac  corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

2008.0 x86_64

 03e2988fe55ecd7c7888cdb87ca9e779  2008.0/x86_64/expat-2.0.1-4.2mdv2008.0.x86_64.rpm
 8322f60c8e9ac7f21243b220951d52ec  2008.0/x86_64/lib64expat1-2.0.1-4.2mdv2008.0.x86_64.rpm
 7433c14fc17e7c5eaf177c002cc1d75c  2008.0/x86_64/lib64expat1-devel-2.0.1-4.2mdv2008.0.x86_64.rpm 
 6363348acd6f5f6f0fa5c4aa61a6ebbd  2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

CS3.0 i586

 b6aaa4059149ce789b85618334255c76  corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
 f4a9f6fb4d3e53446ef059fbe3b93bdd  corporate/3.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
 b9d823b63878bb690dc9fddac1ca2a61  corporate/3.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm 
 43e083dc87a85e530d7f8206102e1eac  corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

MES5 i586

 4c7a80c4e63028d9c22feec7ea39863a  mes5/i586/expat-2.0.1-7.2mdvmes5.i586.rpm
 e3f6943d2fdc244cc6c320cef17398fe  mes5/i586/libexpat1-2.0.1-7.2mdvmes5.i586.rpm
 9e049d963fd965626bf9423ef115b693  mes5/i586/libexpat1-devel-2.0.1-7.2mdvmes5.i586.rpm 
 7787fe800e5725bce292f823d0c8ab73  mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

2008.0 i586

 9108b905fb1da6ed2fa0f83a0c386641  2008.0/i586/expat-2.0.1-4.2mdv2008.0.i586.rpm
 f204a06346e382581b0d3f3301ffadd3  2008.0/i586/libexpat1-2.0.1-4.2mdv2008.0.i586.rpm
 ab9269a6452f0191d17b88a7cae90949  2008.0/i586/libexpat1-devel-2.0.1-4.2mdv2008.0.i586.rpm 
 6363348acd6f5f6f0fa5c4aa61a6ebbd  2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

2009.1 x86_64

 0c0b11d85cac8a9f3da701e452acb6ad  2009.1/x86_64/expat-2.0.1-8.2mdv2009.1.x86_64.rpm
 ac3512d4f42111bbee9987c5c93c7005  2009.1/x86_64/lib64expat1-2.0.1-8.2mdv2009.1.x86_64.rpm
 fd409ba4722686326c9fe1d9db3ead42  2009.1/x86_64/lib64expat1-devel-2.0.1-8.2mdv2009.1.x86_64.rpm 
 3e6ab6cdb43fff3547b4f24aab4ec82b  2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

CS4.0 i586

 a49316221d42e4a2cfe15b1788474e7b  corporate/4.0/i586/expat-1.95.8-1.2.20060mlcs4.i586.rpm
 9e83fb9d0ca5799399ca5f10e92fb4cd  corporate/4.0/i586/libexpat0-1.95.8-1.2.20060mlcs4.i586.rpm
 3d1a006b0039c30babe0407db5f26ee2  corporate/4.0/i586/libexpat0-devel-1.95.8-1.2.20060mlcs4.i586.rpm 
 2695cdbc0f4c8af7c8d6b89cf28675f8  corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

MES5 x86_64

 236584ced4908443a73c28912e01c643  mes5/x86_64/expat-2.0.1-7.2mdvmes5.x86_64.rpm
 1e7646bc5048a8718d60a028a8d30fe2  mes5/x86_64/lib64expat1-2.0.1-7.2mdvmes5.x86_64.rpm
 5b866d88e7846ab08b43858a84257b70  mes5/x86_64/lib64expat1-devel-2.0.1-7.2mdvmes5.x86_64.rpm 
 7787fe800e5725bce292f823d0c8ab73  mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

Referenzen