Message-Id: <E1SCbVt-0005vr-JG@titan.mandriva.com>
Date: Tue, 27 Mar 2012 20:53:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:041 ] expat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:041
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : expat
 Date    : March 27, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A memory leak and a hash table collision flaw in expat could cause
 denial of service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 210b60280a0baf8e08634e0ea6a3bab9  2010.1/i586/expat-2.0.1-12.1mdv2010.2.i586.rpm
 0b657867100b109cbf90a05d2262bec7  2010.1/i586/libexpat1-2.0.1-12.1mdv2010.2.i586.rpm
 0bd180a7b4f4d93df5b74f66e2c85e74  2010.1/i586/libexpat1-devel-2.0.1-12.1mdv2010.2.i586.rpm 
 9f063d0589f638e047de6a5266e6ac84  2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 ced30873d989d1511e828037b4f68d4d  2010.1/x86_64/expat-2.0.1-12.1mdv2010.2.x86_64.rpm
 ebd7d687082377e65c818f8ba780b66d  2010.1/x86_64/lib64expat1-2.0.1-12.1mdv2010.2.x86_64.rpm
 fd8bef44ccdadeaf14966b44733883fe  2010.1/x86_64/lib64expat1-devel-2.0.1-12.1mdv2010.2.x86_64.rpm 
 9f063d0589f638e047de6a5266e6ac84  2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 6c8bdc44eed2cebf483d4041d57f5eea  2011/i586/expat-2.0.1-15.1-mdv2011.0.i586.rpm
 8211eeb028a563dcbedda7d1726035bb  2011/i586/libexpat1-2.0.1-15.1-mdv2011.0.i586.rpm
 c6c9685891ae405ff6181b6899ee10ce  2011/i586/libexpat-devel-2.0.1-15.1-mdv2011.0.i586.rpm
 7afd883dae4a17201128de1485cf949c  2011/i586/libexpat-static-devel-2.0.1-15.1-mdv2011.0.i586.rpm 
 4be73538c443ced014373c7e364daac5  2011/SRPMS/expat-2.0.1-15.1.src.rpm

 Mandriva Linux 2011/X86_64:
 7e84ec2183f6ba903779b00f914e3813  2011/x86_64/expat-2.0.1-15.1-mdv2011.0.x86_64.rpm
 d7c0853983ce8d2dc2b0b9740924acd7  2011/x86_64/lib64expat1-2.0.1-15.1-mdv2011.0.x86_64.rpm
 ecca4f586885b53d2a0ca39a8985f561  2011/x86_64/lib64expat-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm
 f87f9aecd51f1f20508dc6f6ad5f02e6  2011/x86_64/lib64expat-static-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm 
 4be73538c443ced014373c7e364daac5  2011/SRPMS/expat-2.0.1-15.1.src.rpm

 Mandriva Enterprise Server 5:
 9618c2dceec06fcb04655e2adb9f8d9d  mes5/i586/expat-2.0.1-7.4mdvmes5.2.i586.rpm
 a0b4d2e3b545f6d63cef9476da3cc72f  mes5/i586/libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm
 95ec804d1758d0a7628abd42bf3e54e5  mes5/i586/libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm 
 01271afe453d63599a6951f7dbc83197  mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4781b62e289cae964e8a7c540d2387c9  mes5/x86_64/expat-2.0.1-7.4mdvmes5.2.x86_64.rpm
 aee65480dd6cc31f957c3b17771babf6  mes5/x86_64/lib64expat1-2.0.1-7.4mdvmes5.2.x86_64.rpm
 ddbc81b65a6969e17900bbbc842cc8e4  mes5/x86_64/lib64expat1-devel-2.0.1-7.4mdvmes5.2.x86_64.rpm 
 01271afe453d63599a6951f7dbc83197  mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPcd5UmqjQ0CJFipgRAvzjAJ46WPQm7hmP1/gmoLmPmFMdZYcOrQCgq/oR
ZVAk5KD7zUd2cFhkef3xvRo=
=EuSi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
