Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.
5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221aApple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.
92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509Gentoo Linux Security Advisory 201209-6 - Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service. Versions less than 2.1.0_beta3 are affected.
822ec539973278a040496a2f65af0dd1463e48af5d213341fb183708ba1cc60dVMware Security Advisory 2012-0001 - VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.
e35a8f609b986bb8b2fc490b895224847eba088cf1f87974f9bc5820e0c3c589Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.
afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bcUbuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
1f32136aec10fe43a90bf2ba1b04fc4cb7a66b529d203b5c07c70c2fef09e488VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.
0ae5770077c762418cfd24f3ee041e3030eda4c4cf779c13c8b5a0c5d3c879caUbuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
52eb5cf05dd186c7c71a01ca7548fbcb53330023b7e0dfb24faca286a3ad70beUbuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
42a2daccd8cc1406010126b963ee66d202639413a9de1bb48654443115f644d7Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).
28197fcb1e4306a91d0fa3becafcfc0ced03343e6c675879be0de7506a38c77dUbuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
2d03d955c3cfb57a0bfe01de70f6a02b616d92fb935678c879af3a64fe866cb2Ubuntu Security Notice 890-2 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
ea6b31bbdb860ef163601a21ea9d535929947d631fc7f47bfc3b910ed0ae749eUbuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
d4220160b2265aec5952c4517574f263f4c2b458f115db9b08bc867f153d8cbdMandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The previous (MDVSA-2009:316-2) updates provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased release number which prevented the packages from hitting the mirrors.
65a319ba6e69c9835b128c925cf1694bfae7fe20c0b9a69df9bd5a8c82228cc1Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. SUSE discovered a regression with the previous patch fixing CVE-2009-3560. This regression is now being addressed with this update.
6f69399efed3b9a739ab2aea43b5838f99e06cdc3a2c2527e50239a35f5d8e17Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities. This vulnerability was discovered in the bundled expat code in various softwares besides expat itself. As a precaution the affected softwares has preemptively been patched to prevent presumptive future exploitations of this issue.
f62dec47bbc9c17a6a46964a20dbdad1d44bf7f4e959e624ff64c00668b591fbDebian Linux Security Advisory 1953-2 - cases, expat would abort with the message "error in processing external entity reference".
599465b5029d7facfab631cd9609ec5d416977ff8cb4ad234fbbb0ed4e50b934Debian Linux Security Advisory 1953-1 - Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
816b22e06544545d02f60da63b07187d6cb4532c9ba1a9b7037a8680fb4bcbe8Mandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
a4f5212089e79d79b8222da5bb00dc203143f370dfbbdd0a9dbdc6d9d55599db
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed