 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:211
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : expat
 Date    : August 23, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found in xmltok_impl.c (expat) that with
 specially crafted XML could be exploited and lead to a denial of
 service attack. Related to CVE-2009-2625.

 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 https://bugs.gentoo.org/show_bug.cgi?id=280615
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1 (i586, x86_64):          expat-2.0.1-6.1mdv2008.1
 Mandriva Linux 2009.0 (i586, x86_64):          expat-2.0.1-7.1mdv2009.0
 Mandriva Linux 2009.1 (i586, x86_64):          expat-2.0.1-8.1mdv2009.1
 Corporate 3.0 (i586, x86_64):                  expat-1.95.6-4.1.C30mdk
 Corporate 4.0 (i586, x86_64):                  expat-1.95.8-1.1.20060mlcs4
 Mandriva Enterprise Server 5 (i586, x86_64):   expat-2.0.1-7.1mdvmes5
 Multi Network Firewall 2.0 (i586):             expat-1.95.6-4.1.C30mdk
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>