-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1921-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano October 28, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : expat Vulnerability : denial of service Problem type : remote Debian-specific: no CVE Id : CVE-2009-2625 Debian Bug : 551936 Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution (etch), this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution (lenny), this problem has been fixed in version 2.0.1-4+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your expat packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz Size/MD5 checksum: 318349 aff487543845a82fe262e6e2922b4c8e http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1.diff.gz Size/MD5 checksum: 413057 b78006808401dff164db95fd8f2499f0 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1.dsc Size/MD5 checksum: 711 0a87419bbdae53aeacaf08eef449f8b3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_alpha.deb Size/MD5 checksum: 143212 7b134dfafbbc9bc66ccff9dc2eeff47f http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_alpha.deb Size/MD5 checksum: 69412 9d0a43d446692ef43add0360db26c256 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_alpha.deb Size/MD5 checksum: 22316 999371a25e7d944716db206d1c4e10cc http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_alpha.udeb Size/MD5 checksum: 61192 521bb25d4e511f26f63a62c194acf6b0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_amd64.deb Size/MD5 checksum: 133646 d6b90212e771f641c21cee38ae37bd08 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_amd64.udeb Size/MD5 checksum: 56488 494fe3d0c4ac2c85b8b9f2d6ff9803dc http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_amd64.deb Size/MD5 checksum: 21488 6125318bcc858833651fc29e003ada22 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_amd64.deb Size/MD5 checksum: 64626 5704af163a7c90f06c83da1587c20b16 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_arm.udeb Size/MD5 checksum: 49414 70ad1f420deebf55461455ec52ba9a2e http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_arm.deb Size/MD5 checksum: 125270 cdfc0a34dad99c9c85c8f11cdada5884 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_arm.deb Size/MD5 checksum: 19760 cfa4b1b4005647b15b22730ede7b9a05 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_arm.deb Size/MD5 checksum: 57582 52acb1f317a52ef9e4429381dce93ba7 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_hppa.udeb Size/MD5 checksum: 64780 f9c37fed892741dbd9c27a54e6f8c147 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_hppa.deb Size/MD5 checksum: 151792 a8add5beda89448ec1b1584a5f055216 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_hppa.deb Size/MD5 checksum: 22646 6729356bed0d898b6660de36bb8a226b http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_hppa.deb Size/MD5 checksum: 72970 3b0d2aa031bc6fe388daa5ee8fcc6da6 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_i386.udeb Size/MD5 checksum: 54964 e2df0e10b8466ca1f5534145f432b4fe http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_i386.deb Size/MD5 checksum: 21034 6e8dbc3e542af0a3c9b6970014c7e5e4 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_i386.deb Size/MD5 checksum: 128180 ad28064754c7f1fb08035ad626647448 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_i386.deb Size/MD5 checksum: 63076 0554efb1bbae1faa50d1c5c5a0038dfc ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_ia64.deb Size/MD5 checksum: 164942 71ba03af83170f1efb508073c3ace2bc http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_ia64.deb Size/MD5 checksum: 25042 f1ce83568dccc86afac7ca26501df87e http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_ia64.udeb Size/MD5 checksum: 87370 bc39d0e16d8f274834b97ff798620c2c http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_ia64.deb Size/MD5 checksum: 95842 16ea105cb9be4e8f34f477942e833d3d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_mips.deb Size/MD5 checksum: 64688 a0490288615044b9e71d2287db1e3b55 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_mips.deb Size/MD5 checksum: 141886 91a4ed2068294c45ccfa98e17330b858 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_mips.deb Size/MD5 checksum: 21556 e9805d4363f0380bbad732c0889e812f http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_mips.udeb Size/MD5 checksum: 56622 9fa9d8b88bf0936795aedfbad1a498ab mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_mipsel.deb Size/MD5 checksum: 21614 4038b82ec3347f53ad7435cd9dbdee5d http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_mipsel.udeb Size/MD5 checksum: 56206 be281b9712278314dde05df7dda3b9a1 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_mipsel.deb Size/MD5 checksum: 139468 48e8b40dc5101ff8255cec88b0c5a034 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_mipsel.deb Size/MD5 checksum: 64316 e59d24b012bd3d57ec18a8184801a901 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_powerpc.deb Size/MD5 checksum: 67616 a4935eb9cf357861e6d22af5d81ca4de http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_powerpc.deb Size/MD5 checksum: 22912 6f1c43294a9bc041f2024bf86a5a242b http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_powerpc.deb Size/MD5 checksum: 148128 b7a3a1f85a29bee92889ca55a5d43552 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_powerpc.udeb Size/MD5 checksum: 59454 dbe0efc19ee40ebf818e848ea4de363b s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_s390.deb Size/MD5 checksum: 132490 c9cd7b6caa0c5a04e8f715132b0eb59b http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_s390.deb Size/MD5 checksum: 21388 5ee9487ec0ca34361d9b8cf5830c12f4 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_s390.udeb Size/MD5 checksum: 56752 1b352f981450c98f8c00bf4baa2078f9 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_s390.deb Size/MD5 checksum: 64868 f9e54e5d2551451d31a763b13a2c364a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_sparc.deb Size/MD5 checksum: 59802 37e1cad658801c5026fba0ca514ad957 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_sparc.deb Size/MD5 checksum: 128542 7229bcce28eba3eaecc264bfce901a53 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_sparc.deb Size/MD5 checksum: 20364 6eff0d9ceb56cd2f8b2633fe54cbe5ab http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_sparc.udeb Size/MD5 checksum: 51888 cadd0f53bb0f10e3ba8571f515216231 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz Size/MD5 checksum: 446456 ee8b492592568805593f81f8cdf2a04c http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1.diff.gz Size/MD5 checksum: 133411 b5dc224140f8bcdfeab899c9a2aeaf4f http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1.dsc Size/MD5 checksum: 1446 4f069e17ff00f0b1fb810560bce5db05 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_alpha.deb Size/MD5 checksum: 24564 7f87bd7e3acb7fa2d22013721fdfa559 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_alpha.udeb Size/MD5 checksum: 62906 f95bc5aa62d8879afbd425c8fcf6b181 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_alpha.deb Size/MD5 checksum: 135812 e4720cf53555b1011a9bb42253199cc2 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_alpha.deb Size/MD5 checksum: 221676 826650f73b4d4969d3464d02af036adf arm architecture (ARM) http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_arm.deb Size/MD5 checksum: 116376 536b22408ff81447bd9a984e4bc756e9 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_arm.deb Size/MD5 checksum: 203596 b46fc0f701c2dd02fbb70a6cae347f47 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_arm.udeb Size/MD5 checksum: 52710 d4913705e34f828e76b27019c10337a4 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_arm.deb Size/MD5 checksum: 21998 c77c0e795b5af5d9538388ef8d1a25d8 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_armel.deb Size/MD5 checksum: 118426 cf02b38a12f7e8657f49bd8a7b0c2b6e http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_armel.deb Size/MD5 checksum: 22438 673a31f0e726110538bf5d6d53a3c282 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_armel.udeb Size/MD5 checksum: 54246 8b263ca48bedce9acdc9d0c4101bf8f9 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_armel.deb Size/MD5 checksum: 212288 b50fa35fc55675d8ed42b39b625fb61a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_hppa.deb Size/MD5 checksum: 148612 b2e989c2d41537b7eded10ef12bdbbf5 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_hppa.deb Size/MD5 checksum: 263104 e0b07e6ec6a833717f2ebf6a0a0b9762 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_hppa.deb Size/MD5 checksum: 24772 4ce5b792eb6762d8e8cd26df498f1f66 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_hppa.udeb Size/MD5 checksum: 69464 8810e4ff889f120e4f51dfba788c1118 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_i386.deb Size/MD5 checksum: 136372 910e7dc6c260cb7061b100738d8a1637 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_i386.deb Size/MD5 checksum: 131890 5091b56525caf7de535b6d5ca76c8f8d http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_i386.deb Size/MD5 checksum: 166714 6371c41f37ac8c15f9c311d6466a263c http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_i386.deb Size/MD5 checksum: 23152 d1e24f461306e329e74b0314a549dad6 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_i386.deb Size/MD5 checksum: 210960 d45ab14f22aedda35b035e608cba7709 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_i386.udeb Size/MD5 checksum: 60860 73e491d5110ed35e4c005d244669e766 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_ia64.udeb Size/MD5 checksum: 98272 1cc10948dd1323607865151a0591adad http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_ia64.deb Size/MD5 checksum: 291648 b2f7fe1850cf5fe6050f96005da1748d http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_ia64.deb Size/MD5 checksum: 27380 2fd76be3636984916917998e81a4b9f3 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_ia64.deb Size/MD5 checksum: 206108 397ec5dfd3f83c34fc39ff39ae8148fa mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_mips.udeb Size/MD5 checksum: 61228 ea9ee5d1bca8efc3f4c0f0d2e9bb3930 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_mips.deb Size/MD5 checksum: 23738 38e25159f47889c901a3757af18f31c2 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_mips.deb Size/MD5 checksum: 234326 6b10c5a87366da9075eb433495ddc8e4 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_mips.deb Size/MD5 checksum: 132730 9949f7271e2ad5755721403b36a9c154 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_mipsel.deb Size/MD5 checksum: 224082 c45b4b489d8fd0325929f892ea39004c http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_mipsel.deb Size/MD5 checksum: 23774 bf5132a28a20a53aeef6bf12f2aa36c9 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_mipsel.udeb Size/MD5 checksum: 60670 1c234db94cfc29fa5cb21e28cbeac6dc http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_mipsel.deb Size/MD5 checksum: 131658 06d1a814da4a66b807e3525a29f96e76 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_powerpc.deb Size/MD5 checksum: 26826 8a7cd66d04cbbd0c3247bcca5182c951 http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_powerpc.deb Size/MD5 checksum: 143872 a275b856d11ac3ce5189b65017e952e3 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_powerpc.udeb Size/MD5 checksum: 64980 dbbf31280a7a727516fca9179da29263 http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_powerpc.deb Size/MD5 checksum: 156368 7cca3cdd70382e3ed1d4d8d8217c4f45 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_powerpc.deb Size/MD5 checksum: 140358 8bd7bec1ea5c601a475f2e36a98c18cd http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_powerpc.deb Size/MD5 checksum: 278806 830816c1e396fb4d69696e244d785c44 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_s390.deb Size/MD5 checksum: 24124 27b2ea41753a6576aaebe994f8833a60 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_s390.deb Size/MD5 checksum: 220192 813bf8bf832f774b4c5f3120ea48911a http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_s390.udeb Size/MD5 checksum: 61928 af19fa9ec752837bfe87e398a466b7ea http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_s390.deb Size/MD5 checksum: 134458 b2af0c017b461dff94aeded9f70ded94 http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_s390.deb Size/MD5 checksum: 173038 0dd72e1ad7913c685a25a88d6565fe39 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_s390.deb Size/MD5 checksum: 134430 389c55e7e57db27e58d9a350b2b3dec7 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_sparc.deb Size/MD5 checksum: 125766 7fe69d7a65dcd222370f136ec87c5cec http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_sparc.deb Size/MD5 checksum: 218412 e9dba766ea171c5ed3e47846f5f9d1ce http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_sparc.deb Size/MD5 checksum: 172190 16d5b9d3449e374ab39ce1109ae974d5 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_sparc.deb Size/MD5 checksum: 23126 c01eb7581f2fcb7a90becd0c37cffe5b http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_sparc.deb Size/MD5 checksum: 133186 8c74fc1afc688092bee0516283d42537 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_sparc.udeb Size/MD5 checksum: 57658 409dcc8cd16d56d57a70b7eb8797e052 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkroEJIACgkQ62zWxYk/rQdm5wCfdagOq/3V+SpL1Ll/zoFnyXBH r/kAn34OE04+v+gfbm/tf4QqtpVcsSUq =fj30 -----END PGP SIGNATURE-----