MDVSA-2009:218-1

Package name

w3c-libwww

Date

2009-12-04

Advisory ID

MDVSA-2009:218-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

This update fixes this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 2a8e142af77be1b60a7ccd02e66dd587  2008.0/i586/w3c-libwww-5.4.0-8.1mdv2008.0.i586.rpm
 e4cbabf897c816d707e9092d8280b96f  2008.0/i586/w3c-libwww-apps-5.4.0-8.1mdv2008.0.i586.rpm
 276f6ccca91a1ad06d6e0a40767323b9  2008.0/i586/w3c-libwww-devel-5.4.0-8.1mdv2008.0.i586.rpm 
 5fa864a2e952bfa86758b689302d5b89  2008.0/SRPMS/w3c-libwww-5.4.0-8.1mdv2008.0.src.rpm

2008.0 x86_64

 af3800898d3de92c9a01c0a6616c0e74  2008.0/x86_64/w3c-libwww-5.4.0-8.1mdv2008.0.x86_64.rpm
 eb4422f1e0a3f89e03ee1df985f634ce  2008.0/x86_64/w3c-libwww-apps-5.4.0-8.1mdv2008.0.x86_64.rpm
 5a37706de7e38011f5efa43b5e7faed8  2008.0/x86_64/w3c-libwww-devel-5.4.0-8.1mdv2008.0.x86_64.rpm 
 5fa864a2e952bfa86758b689302d5b89  2008.0/SRPMS/w3c-libwww-5.4.0-8.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615