MDVSA-2009:220

Nom du paquet

davfs

Date

2009-08-24

Advisory ID

MDVSA-2009:220

Affected versions

2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , 2008.1 x86_64 , 2009.1 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

This update fixes this vulnerability.

Updated packages

2009.0 x86_64

 8c206c8889c9254130a8127687b3962f  2009.0/x86_64/davfs-0.2.4-13.1mdv2009.0.x86_64.rpm 
 e9818c8abd898b55329a14eb8630cde9  2009.0/SRPMS/davfs-0.2.4-13.1mdv2009.0.src.rpm

2009.1 i586

 127a1c1f498331f6d1e6e221cf1e3379  2009.1/i586/davfs-0.2.4-13.1mdv2009.1.i586.rpm 
 0d1d1a1a9a5ff92691f98e5540888cae  2009.1/SRPMS/davfs-0.2.4-13.1mdv2009.1.src.rpm

2009.0 i586

 7e39d413c7bb0e2661d0650dc139155b  2009.0/i586/davfs-0.2.4-13.1mdv2009.0.i586.rpm 
 e9818c8abd898b55329a14eb8630cde9  2009.0/SRPMS/davfs-0.2.4-13.1mdv2009.0.src.rpm

2008.1 i586

 836fbffa0db370bed19c2155e74db6a8  2008.1/i586/davfs-0.2.4-12.1mdv2008.1.i586.rpm 
 00b4617e02b82f2a9495d092d136bae6  2008.1/SRPMS/davfs-0.2.4-12.1mdv2008.1.src.rpm

2008.1 x86_64

 2db29f8b61c2e50c9859b429d70fe18e  2008.1/x86_64/davfs-0.2.4-12.1mdv2008.1.x86_64.rpm 
 00b4617e02b82f2a9495d092d136bae6  2008.1/SRPMS/davfs-0.2.4-12.1mdv2008.1.src.rpm

2009.1 x86_64

 094c3857f19c4351f44c8cfa8a49ef2b  2009.1/x86_64/davfs-0.2.4-13.1mdv2009.1.x86_64.rpm 
 0d1d1a1a9a5ff92691f98e5540888cae  2009.1/SRPMS/davfs-0.2.4-13.1mdv2009.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615