MDVSA-2009:316-3

Nom du paquet

expat

Date

2010-01-10

Advisory ID

MDVSA-2009:316-3

Affected versions

2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , 2008.0 x86_64 , 2008.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in expat:

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides a solution to these vulnerabilities.

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Update:

The previous (MDVSA-2009:316-2) updates provided packages for
2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased
release number which prevented the packages from hitting the mirrors.

Updated packages

2009.0 x86_64

 765f5d35b0e1b4ff33d426dc79296851  2009.0/x86_64/expat-2.0.1-7.3mdv2009.0.x86_64.rpm
 0905a279e62d648abaa025dec1f262eb  2009.0/x86_64/lib64expat1-2.0.1-7.3mdv2009.0.x86_64.rpm
 2562ec57be33f72dbaa5d04cd4a3e566  2009.0/x86_64/lib64expat1-devel-2.0.1-7.3mdv2009.0.x86_64.rpm 
 6508d5fba047cf35b6d61259266b82ed  2009.0/SRPMS/expat-2.0.1-7.3mdv2009.0.src.rpm

MES5 i586

 0c1e5ed2e68540b127707df985eaa9b2  mes5/i586/expat-2.0.1-7.3mdvmes5.i586.rpm
 969c2c861d178394615eba9bd786a2d1  mes5/i586/libexpat1-2.0.1-7.3mdvmes5.i586.rpm
 4668e05cf61f067112e4c55f2c864f76  mes5/i586/libexpat1-devel-2.0.1-7.3mdvmes5.i586.rpm 
 cb94fe0c73aa6140abcf05b277a438d2  mes5/SRPMS/expat-2.0.1-7.3mdvmes5.src.rpm

2010.0 x86_64

 339cbedef9d61586aa4bdef40801db0d  2010.0/x86_64/expat-2.0.1-10.2mdv2010.0.x86_64.rpm
 95067327674b3752b6166e631e6c0c54  2010.0/x86_64/lib64expat1-2.0.1-10.2mdv2010.0.x86_64.rpm
 9d327cfab29a197b2f2910259ca1f421  2010.0/x86_64/lib64expat1-devel-2.0.1-10.2mdv2010.0.x86_64.rpm 
 91c4034ba57643ad09893ee550b124fb  2010.0/SRPMS/expat-2.0.1-10.2mdv2010.0.src.rpm

2010.0 i586

 eb556df9f00d67acd20a0b3a4d21f487  2010.0/i586/expat-2.0.1-10.2mdv2010.0.i586.rpm
 3f2fe4b31ef2e572aa0f103cec4cac02  2010.0/i586/libexpat1-2.0.1-10.2mdv2010.0.i586.rpm
 7787b1cfae235d1146ead95c67240832  2010.0/i586/libexpat1-devel-2.0.1-10.2mdv2010.0.i586.rpm 
 91c4034ba57643ad09893ee550b124fb  2010.0/SRPMS/expat-2.0.1-10.2mdv2010.0.src.rpm

2009.1 i586

 fe1d2d61e0447990a8fea4e133f1c0d1  2009.1/i586/expat-2.0.1-8.3mdv2009.1.i586.rpm
 ee800d042612c90ac48004d026d87e18  2009.1/i586/libexpat1-2.0.1-8.3mdv2009.1.i586.rpm
 8a556a2c5bcd40d1160fb86d3b24ad93  2009.1/i586/libexpat1-devel-2.0.1-8.3mdv2009.1.i586.rpm 
 591ceb30bbc21cce048c04d5f67cc3d7  2009.1/SRPMS/expat-2.0.1-8.3mdv2009.1.src.rpm

2009.0 i586

 1b5e3348c1bbe4ecdbe2d171dbc92f2a  2009.0/i586/expat-2.0.1-7.3mdv2009.0.i586.rpm
 d4df428ea77983271d7c31f9bce59669  2009.0/i586/libexpat1-2.0.1-7.3mdv2009.0.i586.rpm
 0d0802d87eb78bc64f3ca8195d7cc17b  2009.0/i586/libexpat1-devel-2.0.1-7.3mdv2009.0.i586.rpm 
 6508d5fba047cf35b6d61259266b82ed  2009.0/SRPMS/expat-2.0.1-7.3mdv2009.0.src.rpm

2008.0 x86_64

 bfe2cc21ead72b18a505ac13d3b0857c  2008.0/x86_64/expat-2.0.1-4.3mdv2008.0.x86_64.rpm
 dac863ff59aed4282ae59e321f203f93  2008.0/x86_64/lib64expat1-2.0.1-4.3mdv2008.0.x86_64.rpm
 37d732528c186489897ecdf7f9585cb8  2008.0/x86_64/lib64expat1-devel-2.0.1-4.3mdv2008.0.x86_64.rpm 
 00f546038b5b8efae7e7cbfaa806dae8  2008.0/SRPMS/expat-2.0.1-4.3mdv2008.0.src.rpm

2008.0 i586

 13774ef90c141db6326c7262d3c320c8  2008.0/i586/expat-2.0.1-4.3mdv2008.0.i586.rpm
 8cc403e46d7b6c5239763ccef3ac97f6  2008.0/i586/libexpat1-2.0.1-4.3mdv2008.0.i586.rpm
 97e7266c3a2bdd6b1e2b3b3046904c98  2008.0/i586/libexpat1-devel-2.0.1-4.3mdv2008.0.i586.rpm 
 00f546038b5b8efae7e7cbfaa806dae8  2008.0/SRPMS/expat-2.0.1-4.3mdv2008.0.src.rpm

2009.1 x86_64

 7532d0529c362180c9a1a8fd206f13fd  2009.1/x86_64/expat-2.0.1-8.3mdv2009.1.x86_64.rpm
 6b7a604d8c15a39c59bf04e7f26bb90e  2009.1/x86_64/lib64expat1-2.0.1-8.3mdv2009.1.x86_64.rpm
 adc29880c73da313bc69d23085963dcd  2009.1/x86_64/lib64expat1-devel-2.0.1-8.3mdv2009.1.x86_64.rpm 
 591ceb30bbc21cce048c04d5f67cc3d7  2009.1/SRPMS/expat-2.0.1-8.3mdv2009.1.src.rpm

MES5 x86_64

 5a1624a1c856992f50a38efa739f5987  mes5/x86_64/expat-2.0.1-7.3mdvmes5.x86_64.rpm
 bfb6d7058cf6d4930db4362576839281  mes5/x86_64/lib64expat1-2.0.1-7.3mdvmes5.x86_64.rpm
 b314bdc8eabfb001be798e0a382996f3  mes5/x86_64/lib64expat1-devel-2.0.1-7.3mdvmes5.x86_64.rpm 
 cb94fe0c73aa6140abcf05b277a438d2  mes5/SRPMS/expat-2.0.1-7.3mdvmes5.src.rpm

References

• https://bugzilla.novell.com/show_bug.cgi?id=566434
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560