MDVSA-2009:211-1

Package name

expat

Date

2009-12-04

Advisory ID

MDVSA-2009:211-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

This update fixes this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 161e54e15e10cfbd2ffb3ab2879c8920  2008.0/i586/expat-2.0.1-4.1mdv2008.0.i586.rpm
 46ed11120902848ebd4e19a63f4c8974  2008.0/i586/libexpat1-2.0.1-4.1mdv2008.0.i586.rpm
 4ccceed9651a932eeba0d815c5440a7e  2008.0/i586/libexpat1-devel-2.0.1-4.1mdv2008.0.i586.rpm 
 0cd2a8f3ad232480febc37c73448d79a  2008.0/SRPMS/expat-2.0.1-4.1mdv2008.0.src.rpm

2008.0 x86_64

 775166f9732ecbbeb7c4875c34fff00e  2008.0/x86_64/expat-2.0.1-4.1mdv2008.0.x86_64.rpm
 dabd3d5871d4a128071b04a10bf54565  2008.0/x86_64/lib64expat1-2.0.1-4.1mdv2008.0.x86_64.rpm
 304cd751a38047d8256c950c25975ac8  2008.0/x86_64/lib64expat1-devel-2.0.1-4.1mdv2008.0.x86_64.rpm 
 0cd2a8f3ad232480febc37c73448d79a  2008.0/SRPMS/expat-2.0.1-4.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615