
Mandriva Linux Security Advisory 2009-316

Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, denial of service, perl, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3560
SHA-256 | a4f5212089e79d79b8222da5bb00dc203143f370dfbbdd0a9dbdc6d9d55599db


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:316
http://www.mandriva.com/security/
_______________________________________________________________________

Package : expat
Date : December 5, 2009
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in expat:

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update provides a solution to these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
9108b905fb1da6ed2fa0f83a0c386641 2008.0/i586/expat-2.0.1-4.2mdv2008.0.i586.rpm
f204a06346e382581b0d3f3301ffadd3 2008.0/i586/libexpat1-2.0.1-4.2mdv2008.0.i586.rpm
ab9269a6452f0191d17b88a7cae90949 2008.0/i586/libexpat1-devel-2.0.1-4.2mdv2008.0.i586.rpm
6363348acd6f5f6f0fa5c4aa61a6ebbd 2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
03e2988fe55ecd7c7888cdb87ca9e779 2008.0/x86_64/expat-2.0.1-4.2mdv2008.0.x86_64.rpm
8322f60c8e9ac7f21243b220951d52ec 2008.0/x86_64/lib64expat1-2.0.1-4.2mdv2008.0.x86_64.rpm
7433c14fc17e7c5eaf177c002cc1d75c 2008.0/x86_64/lib64expat1-devel-2.0.1-4.2mdv2008.0.x86_64.rpm
6363348acd6f5f6f0fa5c4aa61a6ebbd 2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm

Mandriva Linux 2009.0:
a3406f038312e930bcf6e37591cf872a 2009.0/i586/expat-2.0.1-7.2mdv2009.0.i586.rpm
15a6e0faa82f77c0a29b9db9abbb8930 2009.0/i586/libexpat1-2.0.1-7.2mdv2009.0.i586.rpm
7d6e768b90064aed25977f3fa66a86a8 2009.0/i586/libexpat1-devel-2.0.1-7.2mdv2009.0.i586.rpm
778a521e0fe9de8444aebbea544aaceb 2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
7cffc848d7c1018ef8cf2f6ead9c56c7 2009.0/x86_64/expat-2.0.1-7.2mdv2009.0.x86_64.rpm
314b0c2ee406f43fa2d48edccb40465d 2009.0/x86_64/lib64expat1-2.0.1-7.2mdv2009.0.x86_64.rpm
eeda32bc03d649fe1c1975433532c78d 2009.0/x86_64/lib64expat1-devel-2.0.1-7.2mdv2009.0.x86_64.rpm
778a521e0fe9de8444aebbea544aaceb 2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
1700ce9cfb27620758d354d996433e76 2009.1/i586/expat-2.0.1-8.2mdv2009.1.i586.rpm
517a6e6356a1fc05cea9a7a473ccfd61 2009.1/i586/libexpat1-2.0.1-8.2mdv2009.1.i586.rpm
38d04bf472e9d4008fb636149d25fbeb 2009.1/i586/libexpat1-devel-2.0.1-8.2mdv2009.1.i586.rpm
3e6ab6cdb43fff3547b4f24aab4ec82b 2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
0c0b11d85cac8a9f3da701e452acb6ad 2009.1/x86_64/expat-2.0.1-8.2mdv2009.1.x86_64.rpm
ac3512d4f42111bbee9987c5c93c7005 2009.1/x86_64/lib64expat1-2.0.1-8.2mdv2009.1.x86_64.rpm
fd409ba4722686326c9fe1d9db3ead42 2009.1/x86_64/lib64expat1-devel-2.0.1-8.2mdv2009.1.x86_64.rpm
3e6ab6cdb43fff3547b4f24aab4ec82b 2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm

Mandriva Linux 2010.0:
d9a3e00019a7a0486f22988ba923b22f 2010.0/i586/expat-2.0.1-10.1mdv2010.0.i586.rpm
bdcf6e26502cde43c8239de13841afb2 2010.0/i586/libexpat1-2.0.1-10.1mdv2010.0.i586.rpm
cd58e1d189212d7b54dc1fda48aa915c 2010.0/i586/libexpat1-devel-2.0.1-10.1mdv2010.0.i586.rpm
c7a0caabeee91810964149052325fc41 2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
520af61cc436ac5fcef44464e41467e8 2010.0/x86_64/expat-2.0.1-10.1mdv2010.0.x86_64.rpm
42198ace124689b5303611d03974d2a3 2010.0/x86_64/lib64expat1-2.0.1-10.1mdv2010.0.x86_64.rpm
42bb51a93dfd026f91c7c4181f53988b 2010.0/x86_64/lib64expat1-devel-2.0.1-10.1mdv2010.0.x86_64.rpm
c7a0caabeee91810964149052325fc41 2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm

Corporate 3.0:
b6aaa4059149ce789b85618334255c76 corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
f4a9f6fb4d3e53446ef059fbe3b93bdd corporate/3.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
b9d823b63878bb690dc9fddac1ca2a61 corporate/3.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm
43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
44e65c80d7feb44d67c2e8a168595f66 corporate/3.0/x86_64/expat-1.95.6-4.2.C30mdk.x86_64.rpm
de22ad66c1d6b83a6c5310dd3e179927 corporate/3.0/x86_64/lib64expat0-1.95.6-4.2.C30mdk.x86_64.rpm
da53e544b02e14ed23096ce9a71353b9 corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.2.C30mdk.x86_64.rpm
43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm

Corporate 4.0:
a49316221d42e4a2cfe15b1788474e7b corporate/4.0/i586/expat-1.95.8-1.2.20060mlcs4.i586.rpm
9e83fb9d0ca5799399ca5f10e92fb4cd corporate/4.0/i586/libexpat0-1.95.8-1.2.20060mlcs4.i586.rpm
3d1a006b0039c30babe0407db5f26ee2 corporate/4.0/i586/libexpat0-devel-1.95.8-1.2.20060mlcs4.i586.rpm
2695cdbc0f4c8af7c8d6b89cf28675f8 corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
df66dc609fb70e7022c6c5aa8dcce5c9 corporate/4.0/x86_64/expat-1.95.8-1.2.20060mlcs4.x86_64.rpm
e9b731d1ef96d3f4cd7390596a97cd3a corporate/4.0/x86_64/lib64expat0-1.95.8-1.2.20060mlcs4.x86_64.rpm
5e1a4cedad5e8d32eb1deabbbd6fa231 corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.2.20060mlcs4.x86_64.rpm
2695cdbc0f4c8af7c8d6b89cf28675f8 corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
4c7a80c4e63028d9c22feec7ea39863a mes5/i586/expat-2.0.1-7.2mdvmes5.i586.rpm
e3f6943d2fdc244cc6c320cef17398fe mes5/i586/libexpat1-2.0.1-7.2mdvmes5.i586.rpm
9e049d963fd965626bf9423ef115b693 mes5/i586/libexpat1-devel-2.0.1-7.2mdvmes5.i586.rpm
7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
236584ced4908443a73c28912e01c643 mes5/x86_64/expat-2.0.1-7.2mdvmes5.x86_64.rpm
1e7646bc5048a8718d60a028a8d30fe2 mes5/x86_64/lib64expat1-2.0.1-7.2mdvmes5.x86_64.rpm
5b866d88e7846ab08b43858a84257b70 mes5/x86_64/lib64expat1-devel-2.0.1-7.2mdvmes5.x86_64.rpm
7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm

Multi Network Firewall 2.0:
f8db54d55d92f95a176440a7a6978dae mnf/2.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
c83ec9ece46500bcc652fb0a8c574fcf mnf/2.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm
02a342d1777e7bc726a3e294050a3c20 mnf/2.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm
4ec71f97401c195d2401225eac653560 mnf/2.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGktEmqjQ0CJFipgRArfUAKDUGfL7722MRKbLGCcBOvvAj8frfQCgxfyF
iTjKX+OouJ0dDURPsS6vJ24=
=NJfZ
-----END PGP SIGNATURE-----
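
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" list can be checked against a local mirror tree. The following is an added example, not Mandriva tooling: the function names are hypothetical and it assumes the files sit under a root directory in the same relative layout as the listing. Entries are keyed by full relative path because Corporate 3.0 and Multi Network Firewall 2.0 list identically named files with different digests. MD5 here only detects corruption; the GPG signature is what authenticates a package.

```python
import hashlib
import re
from pathlib import Path

# An entry is: 32 hex digits, whitespace, a relative path ending in .rpm.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_packages(advisory_text):
    """Return {relative_path: md5}. Keyed by full path, not file name."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # section headings, rulers, prose
        digest, rel = m.groups()
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            raise ValueError(f"unsafe path in listing: {rel}")
        if expected.setdefault(rel, digest) != digest:
            raise ValueError(f"conflicting digests for {rel}")
    return expected

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify(advisory_text, mirror_root):
    """Map each listed path to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for rel, digest in parse_packages(advisory_text).items():
        local = Path(mirror_root) / rel  # assumed layout: same tree as listing
        if not local.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(local) == digest else "mismatch"
    return results

# Lines copied from the advisory's package list (SRPM appears twice).
SAMPLE = """\
Corporate 3.0:
 b6aaa4059149ce789b85618334255c76 corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
 43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
 43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm
Multi Network Firewall 2.0:
 f8db54d55d92f95a176440a7a6978dae mnf/2.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm
"""

if __name__ == "__main__":
    for rel, status in verify(SAMPLE, ".").items():
        print(f"{status:9}{rel}")
```

A "mismatch" or "missing" result means the file should be re-fetched and its GPG signature checked before installation.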