lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MfH02-0000m9-5T@titan.mandriva.com>
Date: Sun, 23 Aug 2009 19:37:02 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:211 ] expat


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:211
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : expat
 Date    : August 23, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found in xmltok_impl.c (expat) that with
 specially crafted XML could be exploited and lead to a denial of
 service attack. Related to CVE-2009-2625.
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 https://bugs.gentoo.org/show_bug.cgi?id=280615
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 2181b28d804e6a33c07d1369ac34381f  2008.1/i586/expat-2.0.1-6.1mdv2008.1.i586.rpm
 ce96e8fb6660cd1a7d9a2e1a72ad0bb2  2008.1/i586/libexpat1-2.0.1-6.1mdv2008.1.i586.rpm
 0657eb1a9fa861a854a336039f736823  2008.1/i586/libexpat1-devel-2.0.1-6.1mdv2008.1.i586.rpm 
 f8803e21a02d9dbb434c903f33743c33  2008.1/SRPMS/expat-2.0.1-6.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 924f2ccbc644a463446e3c89da0cae02  2008.1/x86_64/expat-2.0.1-6.1mdv2008.1.x86_64.rpm
 87aa4714f2b4a9a85584c4ea53e01458  2008.1/x86_64/lib64expat1-2.0.1-6.1mdv2008.1.x86_64.rpm
 0b3b9d8fade37a8e84a9301071a4c2ca  2008.1/x86_64/lib64expat1-devel-2.0.1-6.1mdv2008.1.x86_64.rpm 
 f8803e21a02d9dbb434c903f33743c33  2008.1/SRPMS/expat-2.0.1-6.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 0e8bc1a07fc860c1dec006eefc561168  2009.0/i586/expat-2.0.1-7.1mdv2009.0.i586.rpm
 89bc879a2ddc2c1d66a61bf98aec412e  2009.0/i586/libexpat1-2.0.1-7.1mdv2009.0.i586.rpm
 2c0190d81a5ba7aeac080590dae19c1f  2009.0/i586/libexpat1-devel-2.0.1-7.1mdv2009.0.i586.rpm 
 f7455a677794c15ed12ff422cb15ee5b  2009.0/SRPMS/expat-2.0.1-7.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 a0a31e8488c957af356837979c9744a8  2009.0/x86_64/expat-2.0.1-7.1mdv2009.0.x86_64.rpm
 98962e50eda12a034dc33c0a63ed4bcd  2009.0/x86_64/lib64expat1-2.0.1-7.1mdv2009.0.x86_64.rpm
 1490a6e22c7be148c5b8124161c8af77  2009.0/x86_64/lib64expat1-devel-2.0.1-7.1mdv2009.0.x86_64.rpm 
 f7455a677794c15ed12ff422cb15ee5b  2009.0/SRPMS/expat-2.0.1-7.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 4a3596bf4412063c6ae66dc8683a4f9b  2009.1/i586/expat-2.0.1-8.1mdv2009.1.i586.rpm
 deaaf243964c6a2474dcec09330fc9f2  2009.1/i586/libexpat1-2.0.1-8.1mdv2009.1.i586.rpm
 e61bc3f518380208efef1e96957fe82b  2009.1/i586/libexpat1-devel-2.0.1-8.1mdv2009.1.i586.rpm 
 1714e6e953a636a670e0edb2b22a0609  2009.1/SRPMS/expat-2.0.1-8.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 c6da3c24dc9dd9a252bb9ad429fcce19  2009.1/x86_64/expat-2.0.1-8.1mdv2009.1.x86_64.rpm
 403c2aab97db57186f874380cb0ae92e  2009.1/x86_64/lib64expat1-2.0.1-8.1mdv2009.1.x86_64.rpm
 cb05ef127f3bf2a4932183b40327aa9e  2009.1/x86_64/lib64expat1-devel-2.0.1-8.1mdv2009.1.x86_64.rpm 
 1714e6e953a636a670e0edb2b22a0609  2009.1/SRPMS/expat-2.0.1-8.1mdv2009.1.src.rpm

 Corporate 3.0:
 e919c13542e3a132b4a583244575d4c3  corporate/3.0/i586/expat-1.95.6-4.1.C30mdk.i586.rpm
 75904e11c8a4024d062d0c89c8ac8632  corporate/3.0/i586/libexpat0-1.95.6-4.1.C30mdk.i586.rpm
 bdd6ba554e42e029cdaa84b4234ec11c  corporate/3.0/i586/libexpat0-devel-1.95.6-4.1.C30mdk.i586.rpm 
 7dc8dc2309d8581ed940164de4d3d4b2  corporate/3.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 008a22f8ee7be70f8fd15b6da488eb80  corporate/3.0/x86_64/expat-1.95.6-4.1.C30mdk.x86_64.rpm
 6cb25f21cdb04c23d7afe98922f45991  corporate/3.0/x86_64/lib64expat0-1.95.6-4.1.C30mdk.x86_64.rpm
 8a3c52fdc2f968e02da8c3d601a4623f  corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.1.C30mdk.x86_64.rpm 
 7dc8dc2309d8581ed940164de4d3d4b2  corporate/3.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm

 Corporate 4.0:
 f7ccfcb5fa238354660c949721e5517e  corporate/4.0/i586/expat-1.95.8-1.1.20060mlcs4.i586.rpm
 dc10209ef2ca50a2916b82d94642588f  corporate/4.0/i586/libexpat0-1.95.8-1.1.20060mlcs4.i586.rpm
 ba35ae7acdc791318b940503f2710de2  corporate/4.0/i586/libexpat0-devel-1.95.8-1.1.20060mlcs4.i586.rpm 
 ed7ae760e4c6d2a97bcdb80b9a8c3100  corporate/4.0/SRPMS/expat-1.95.8-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 824058717dab89a7feb0b8ca42261132  corporate/4.0/x86_64/expat-1.95.8-1.1.20060mlcs4.x86_64.rpm
 7e3ae47825cf85c709072ed671d113c2  corporate/4.0/x86_64/lib64expat0-1.95.8-1.1.20060mlcs4.x86_64.rpm
 332a358417c3688cc2f892c44142aac7  corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.1.20060mlcs4.x86_64.rpm 
 ed7ae760e4c6d2a97bcdb80b9a8c3100  corporate/4.0/SRPMS/expat-1.95.8-1.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 f3ee754080518a50dd02eb9d5117d9ed  mes5/i586/expat-2.0.1-7.1mdvmes5.i586.rpm
 3260998cf9124fb8c6b926c8e029f611  mes5/i586/libexpat1-2.0.1-7.1mdvmes5.i586.rpm
 83b2639918048c8550a706992b24c721  mes5/i586/libexpat1-devel-2.0.1-7.1mdvmes5.i586.rpm 
 627e55a3b171bfadc534bce48e1e7df0  mes5/SRPMS/expat-2.0.1-7.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 7ed7a4ff0d119f3f8b04835e8b1444c3  mes5/x86_64/expat-2.0.1-7.1mdvmes5.x86_64.rpm
 538d665ead102ab2627c946dc8dc24a4  mes5/x86_64/lib64expat1-2.0.1-7.1mdvmes5.x86_64.rpm
 9067f6f0bfa0aa430310dd6c6ef4fecf  mes5/x86_64/lib64expat1-devel-2.0.1-7.1mdvmes5.x86_64.rpm 
 627e55a3b171bfadc534bce48e1e7df0  mes5/SRPMS/expat-2.0.1-7.1mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 cd948d7d4a17d3827a3d3f1df7f9df41  mnf/2.0/i586/expat-1.95.6-4.1.C30mdk.i586.rpm
 29cb9b5d17c8526942dbca13a64ea6a5  mnf/2.0/i586/libexpat0-1.95.6-4.1.C30mdk.i586.rpm
 6560352697766961d656e92eac8a5845  mnf/2.0/i586/libexpat0-devel-1.95.6-4.1.C30mdk.i586.rpm 
 95a9587cb54aabc712605bc09bf22a9a  mnf/2.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKkVekmqjQ0CJFipgRAmScAKCWm2bQUaM+ieYUYByI6uFUe3CRZQCgrST+
XEhTIzjxqxE8OaJDbc5yYqs=
=NQBZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ