-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:316 http://www.mandriva.com/security/ _______________________________________________________________________ Package : expat Date : December 5, 2009 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9108b905fb1da6ed2fa0f83a0c386641 2008.0/i586/expat-2.0.1-4.2mdv2008.0.i586.rpm f204a06346e382581b0d3f3301ffadd3 2008.0/i586/libexpat1-2.0.1-4.2mdv2008.0.i586.rpm ab9269a6452f0191d17b88a7cae90949 2008.0/i586/libexpat1-devel-2.0.1-4.2mdv2008.0.i586.rpm 6363348acd6f5f6f0fa5c4aa61a6ebbd 2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 03e2988fe55ecd7c7888cdb87ca9e779 2008.0/x86_64/expat-2.0.1-4.2mdv2008.0.x86_64.rpm 8322f60c8e9ac7f21243b220951d52ec 2008.0/x86_64/lib64expat1-2.0.1-4.2mdv2008.0.x86_64.rpm 7433c14fc17e7c5eaf177c002cc1d75c 2008.0/x86_64/lib64expat1-devel-2.0.1-4.2mdv2008.0.x86_64.rpm 6363348acd6f5f6f0fa5c4aa61a6ebbd 2008.0/SRPMS/expat-2.0.1-4.2mdv2008.0.src.rpm Mandriva Linux 2009.0: a3406f038312e930bcf6e37591cf872a 2009.0/i586/expat-2.0.1-7.2mdv2009.0.i586.rpm 15a6e0faa82f77c0a29b9db9abbb8930 2009.0/i586/libexpat1-2.0.1-7.2mdv2009.0.i586.rpm 7d6e768b90064aed25977f3fa66a86a8 2009.0/i586/libexpat1-devel-2.0.1-7.2mdv2009.0.i586.rpm 778a521e0fe9de8444aebbea544aaceb 2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 7cffc848d7c1018ef8cf2f6ead9c56c7 2009.0/x86_64/expat-2.0.1-7.2mdv2009.0.x86_64.rpm 314b0c2ee406f43fa2d48edccb40465d 2009.0/x86_64/lib64expat1-2.0.1-7.2mdv2009.0.x86_64.rpm eeda32bc03d649fe1c1975433532c78d 2009.0/x86_64/lib64expat1-devel-2.0.1-7.2mdv2009.0.x86_64.rpm 778a521e0fe9de8444aebbea544aaceb 2009.0/SRPMS/expat-2.0.1-7.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 1700ce9cfb27620758d354d996433e76 2009.1/i586/expat-2.0.1-8.2mdv2009.1.i586.rpm 517a6e6356a1fc05cea9a7a473ccfd61 2009.1/i586/libexpat1-2.0.1-8.2mdv2009.1.i586.rpm 38d04bf472e9d4008fb636149d25fbeb 2009.1/i586/libexpat1-devel-2.0.1-8.2mdv2009.1.i586.rpm 3e6ab6cdb43fff3547b4f24aab4ec82b 2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 0c0b11d85cac8a9f3da701e452acb6ad 2009.1/x86_64/expat-2.0.1-8.2mdv2009.1.x86_64.rpm ac3512d4f42111bbee9987c5c93c7005 2009.1/x86_64/lib64expat1-2.0.1-8.2mdv2009.1.x86_64.rpm fd409ba4722686326c9fe1d9db3ead42 2009.1/x86_64/lib64expat1-devel-2.0.1-8.2mdv2009.1.x86_64.rpm 3e6ab6cdb43fff3547b4f24aab4ec82b 2009.1/SRPMS/expat-2.0.1-8.2mdv2009.1.src.rpm Mandriva Linux 2010.0: d9a3e00019a7a0486f22988ba923b22f 2010.0/i586/expat-2.0.1-10.1mdv2010.0.i586.rpm bdcf6e26502cde43c8239de13841afb2 2010.0/i586/libexpat1-2.0.1-10.1mdv2010.0.i586.rpm cd58e1d189212d7b54dc1fda48aa915c 2010.0/i586/libexpat1-devel-2.0.1-10.1mdv2010.0.i586.rpm c7a0caabeee91810964149052325fc41 2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 520af61cc436ac5fcef44464e41467e8 2010.0/x86_64/expat-2.0.1-10.1mdv2010.0.x86_64.rpm 42198ace124689b5303611d03974d2a3 2010.0/x86_64/lib64expat1-2.0.1-10.1mdv2010.0.x86_64.rpm 42bb51a93dfd026f91c7c4181f53988b 2010.0/x86_64/lib64expat1-devel-2.0.1-10.1mdv2010.0.x86_64.rpm c7a0caabeee91810964149052325fc41 2010.0/SRPMS/expat-2.0.1-10.1mdv2010.0.src.rpm Corporate 3.0: b6aaa4059149ce789b85618334255c76 corporate/3.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm f4a9f6fb4d3e53446ef059fbe3b93bdd corporate/3.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm b9d823b63878bb690dc9fddac1ca2a61 corporate/3.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm 43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm Corporate 3.0/X86_64: 44e65c80d7feb44d67c2e8a168595f66 corporate/3.0/x86_64/expat-1.95.6-4.2.C30mdk.x86_64.rpm de22ad66c1d6b83a6c5310dd3e179927 corporate/3.0/x86_64/lib64expat0-1.95.6-4.2.C30mdk.x86_64.rpm da53e544b02e14ed23096ce9a71353b9 corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.2.C30mdk.x86_64.rpm 43e083dc87a85e530d7f8206102e1eac corporate/3.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm Corporate 4.0: a49316221d42e4a2cfe15b1788474e7b corporate/4.0/i586/expat-1.95.8-1.2.20060mlcs4.i586.rpm 9e83fb9d0ca5799399ca5f10e92fb4cd corporate/4.0/i586/libexpat0-1.95.8-1.2.20060mlcs4.i586.rpm 3d1a006b0039c30babe0407db5f26ee2 corporate/4.0/i586/libexpat0-devel-1.95.8-1.2.20060mlcs4.i586.rpm 2695cdbc0f4c8af7c8d6b89cf28675f8 corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: df66dc609fb70e7022c6c5aa8dcce5c9 corporate/4.0/x86_64/expat-1.95.8-1.2.20060mlcs4.x86_64.rpm e9b731d1ef96d3f4cd7390596a97cd3a corporate/4.0/x86_64/lib64expat0-1.95.8-1.2.20060mlcs4.x86_64.rpm 5e1a4cedad5e8d32eb1deabbbd6fa231 corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.2.20060mlcs4.x86_64.rpm 2695cdbc0f4c8af7c8d6b89cf28675f8 corporate/4.0/SRPMS/expat-1.95.8-1.2.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 4c7a80c4e63028d9c22feec7ea39863a mes5/i586/expat-2.0.1-7.2mdvmes5.i586.rpm e3f6943d2fdc244cc6c320cef17398fe mes5/i586/libexpat1-2.0.1-7.2mdvmes5.i586.rpm 9e049d963fd965626bf9423ef115b693 mes5/i586/libexpat1-devel-2.0.1-7.2mdvmes5.i586.rpm 7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 236584ced4908443a73c28912e01c643 mes5/x86_64/expat-2.0.1-7.2mdvmes5.x86_64.rpm 1e7646bc5048a8718d60a028a8d30fe2 mes5/x86_64/lib64expat1-2.0.1-7.2mdvmes5.x86_64.rpm 5b866d88e7846ab08b43858a84257b70 mes5/x86_64/lib64expat1-devel-2.0.1-7.2mdvmes5.x86_64.rpm 7787fe800e5725bce292f823d0c8ab73 mes5/SRPMS/expat-2.0.1-7.2mdvmes5.src.rpm Multi Network Firewall 2.0: f8db54d55d92f95a176440a7a6978dae mnf/2.0/i586/expat-1.95.6-4.2.C30mdk.i586.rpm c83ec9ece46500bcc652fb0a8c574fcf mnf/2.0/i586/libexpat0-1.95.6-4.2.C30mdk.i586.rpm 02a342d1777e7bc726a3e294050a3c20 mnf/2.0/i586/libexpat0-devel-1.95.6-4.2.C30mdk.i586.rpm 4ec71f97401c195d2401225eac653560 mnf/2.0/SRPMS/expat-1.95.6-4.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGktEmqjQ0CJFipgRArfUAKDUGfL7722MRKbLGCcBOvvAj8frfQCgxfyF iTjKX+OouJ0dDURPsS6vJ24= =NJfZ -----END PGP SIGNATURE-----
