-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1953-1 security@xxxxxxxxxx http://www.debian.org/security/ Stefan Fritsch December 15, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : expat Vulnerability : denial of service Problem type : remote Debian-specific: no CVE Id : CVE-2009-3560 Debian Bug : 560901 Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution (etch), this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution (lenny), this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch (oldstable) - ------------------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.diff.gz Size/MD5 checksum: 413321 e6d99f30014fccc0ffb9db1554ba1472 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz Size/MD5 checksum: 318349 aff487543845a82fe262e6e2922b4c8e http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.dsc Size/MD5 checksum: 703 50e1e2ab47fe419e89ef671991ddb3f0 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_alpha.deb Size/MD5 checksum: 69460 59616e932bcd8c86ecd4998fe633f5ee http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_alpha.udeb Size/MD5 checksum: 61198 39a8aaec6ba02d5a206e44db95bc5d87 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_alpha.deb Size/MD5 checksum: 143250 ac848be2b40296fbdf3a6a6eeed551f4 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_alpha.deb Size/MD5 checksum: 22360 e3b52bc716fa975c4cc43cc9a00a4546 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_amd64.deb Size/MD5 checksum: 64628 0ebf8bb1e3b55cf8e751f638881eee14 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_amd64.deb Size/MD5 checksum: 21518 4ee3b94bccadb231c5ee8e47b9ebe053 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_amd64.udeb Size/MD5 checksum: 56436 e856562cc8156f88ef07d3b79aac9336 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_amd64.deb Size/MD5 checksum: 133908 30ba0c9b11641b960327577a65ff4423 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_arm.deb Size/MD5 checksum: 57250 1b0a1f0cf411bb0d437f3a01e5cd3593 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_arm.deb Size/MD5 checksum: 126100 0f0bcf322522ee564f1c006b9172a873 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_arm.deb Size/MD5 checksum: 19798 eaea089d8c4d2bfc14ecf7a72f149202 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_arm.udeb Size/MD5 checksum: 49400 07e75e50c1b7adae634d77763bd5e86e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_hppa.deb Size/MD5 checksum: 149462 2a9bead50733246e3cc1f8b52c283d6c http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_hppa.deb Size/MD5 checksum: 22684 44dd6038115624b780f51314b38d1819 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_hppa.udeb Size/MD5 checksum: 64792 aa392afb507d07a4eb4061e6368afd04 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_hppa.deb Size/MD5 checksum: 73014 a8317a8f7a03f9aa5561fe43fbbdbcae i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_i386.deb Size/MD5 checksum: 63130 28f26b307f7cb5b133c7d7b0b7f336dc http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_i386.deb Size/MD5 checksum: 21090 67a8e21213321cf54be9dc58380ce45f http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_i386.deb Size/MD5 checksum: 129822 4e06399f0079e7608d25430ded374d97 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb Size/MD5 checksum: 54984 64b2c0654425bd1234f5394efb1e2d69 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_ia64.udeb Size/MD5 checksum: 87362 c78054403944437ce5ddfa700ee04532 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_ia64.deb Size/MD5 checksum: 164964 11efdcba7612853f816112c1b99437d0 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_ia64.deb Size/MD5 checksum: 25076 e6f02ab66bde8b7de92ef2d97b60f9c0 http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_ia64.deb Size/MD5 checksum: 95858 fe960e6af68f6e12429ee8eb600d80f9 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_mips.udeb Size/MD5 checksum: 56612 a917e2fe1206a9614fb7b9c04eb88a86 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_mips.deb Size/MD5 checksum: 21600 fbcd5b817b80aaa9856698d68a6fa455 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_mips.deb Size/MD5 checksum: 141918 dc95f50a8665aeb063885bc989d1315f http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_mips.deb Size/MD5 checksum: 64702 cd4cee2ee2b4cb36d6f822998c5d7d20 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_powerpc.deb Size/MD5 checksum: 22948 50ae9c0fa46faebf9a4eafeb2fb40b9a http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_powerpc.udeb Size/MD5 checksum: 59448 4d212532482851f7a463ede5419f1791 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_powerpc.deb Size/MD5 checksum: 148146 381b2f1b56ec4b803cf904e0cd58e4ec http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_powerpc.deb Size/MD5 checksum: 67650 de0a12471a24bc12da5c7b4cd33bba07 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_s390.deb Size/MD5 checksum: 64906 f480563f4ff6a0f77dbd0a490a973b9d http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_s390.udeb Size/MD5 checksum: 56770 7854d9f4ce32b1963ede0790b69904d0 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_s390.deb Size/MD5 checksum: 21420 d039dacbda9db203d23281317a8ddd3c http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_s390.deb Size/MD5 checksum: 132506 d194bdb366195ba2402999a2cad5aa4d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_sparc.deb Size/MD5 checksum: 128580 39bf980ed2bfd1a5f332b48c5f4b355b http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_sparc.udeb Size/MD5 checksum: 51882 84810453c7288687eebcd5822c4525ca http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_sparc.deb Size/MD5 checksum: 59824 b71d2a54edf53c92d97b1faa63930134 http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_sparc.deb Size/MD5 checksum: 20394 7f1bc9c83495ab50c03701e6ef125332 Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz Size/MD5 checksum: 446456 ee8b492592568805593f81f8cdf2a04c http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.dsc Size/MD5 checksum: 1438 556771752cdeb9b854aae0ecd060e1c5 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.diff.gz Size/MD5 checksum: 133845 424badd53b1147b260c2dfd3b7c5f153 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_alpha.udeb Size/MD5 checksum: 62898 289c10af11866f2862eebe1920910969 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 221130 e5c4f3465c09b47b47b2959b44aeed09 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 24628 92666b01407635c4829fc5fea10237b3 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 135844 331e0b3b6c41c716686de6eb7408024d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 223306 6736ebbd46ddb4f03c7731c9ad893d27 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_amd64.udeb Size/MD5 checksum: 62810 e8bcc7686a563b52372f1d03b5e39106 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 23898 688c33641259b60883572206e151449a http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 136360 752cdbf7c744780a629272335fa52779 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_arm.udeb Size/MD5 checksum: 52720 27a3e489f7ca8ad52bfc076a81348900 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_arm.deb Size/MD5 checksum: 203330 63309ffa0125a0ebf1c4d60831a0f365 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_arm.deb Size/MD5 checksum: 22108 165b6b7584589a653b5c8f6e2619f020 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_arm.deb Size/MD5 checksum: 116164 979ed610597f6e64ae7646e0c93b0d32 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_armel.deb Size/MD5 checksum: 209090 33d3e6b4e7df0e01ea86a61fbb5b4240 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_armel.deb Size/MD5 checksum: 22362 44191b6e3c34c571089c23710da67d5d http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_armel.udeb Size/MD5 checksum: 54240 9bade1198036f567e35d8cc6f37312ea http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_armel.deb Size/MD5 checksum: 118714 7bcda4ddc2817c8aab259378dc660a0c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_hppa.udeb Size/MD5 checksum: 69456 1ff6cd259068a168fa229abaf71cc985 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 261136 bde3165254c6034c331a54c0560d4fcb http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 24828 bb26c745fbb3e3cd9446cb01cc0ad4e7 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 148662 f955833df5ed41fdedc3d5090a43a8e5 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_i386.udeb Size/MD5 checksum: 60816 009c3b55eeeaa87476ff658c5c654791 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_i386.deb Size/MD5 checksum: 23288 529f392c091e9e09f74e21e77da69f0c http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_i386.deb Size/MD5 checksum: 168162 01b2166f38485842aab660f0a397487a http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_i386.deb Size/MD5 checksum: 136330 11942d4c9c36b25882db662b9edf1981 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_i386.deb Size/MD5 checksum: 210542 54ea496b626a1875b6d7cf7519008ec3 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_i386.deb Size/MD5 checksum: 131876 8c8a91854bf5ee9eec30fda926519bef ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 27426 7d194ae6b0473db3ff5470c10938d964 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 206162 b5b5cd0448f4d4405e547083158d0b33 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 291698 3c2fa7560629d402db2fe09cacf78d65 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_ia64.udeb Size/MD5 checksum: 98262 d2fe5be42499f8cc35727ad1febaba15 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mips.deb Size/MD5 checksum: 234414 c1fe34bff578c026a950a7c3f4c4d771 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mips.udeb Size/MD5 checksum: 61214 4670ea4ec04854955699ef5d1115322f http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mips.deb Size/MD5 checksum: 23794 294282bd2e09d86cdcecb2c7be16a2c7 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mips.deb Size/MD5 checksum: 132784 8ee0a7eabf9781a087dccc9348d9e5c0 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 224124 d846357e369b14081f16cc1576bda554 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 131716 ab80da25bb702bf1eda5659949931cf3 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 23812 0eab513e87cdc4b6af912e8c9b9eb97d http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mipsel.udeb Size/MD5 checksum: 60652 571cd4e1defdffbd231b4f1c30317933 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_powerpc.deb Size/MD5 checksum: 140454 57b59323a8fd3f989c4b887a2f435edc http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_powerpc.deb Size/MD5 checksum: 143938 14c14076db484cc958e72b9fc4c566db http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_powerpc.deb Size/MD5 checksum: 280288 9fadfb58e2302a8b6f57297e65dfd8d3 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_powerpc.deb Size/MD5 checksum: 26806 72bac1cc1d74623ba6494645bc4289ab http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_powerpc.deb Size/MD5 checksum: 156730 2aca152555c73b700d1726d1eded7fe4 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_powerpc.udeb Size/MD5 checksum: 64998 989f172b6599508c436bc5a09c91c4f5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_s390.deb Size/MD5 checksum: 220156 c7fc9bb8b053a250ab3e37bfb2bb5f48 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_s390.deb Size/MD5 checksum: 24202 f1db3ff06b30af0f9a37669346b03647 http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_s390.deb Size/MD5 checksum: 134506 d64a081f5c330c143361c5a1adfbe960 http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_s390.deb Size/MD5 checksum: 134478 45bf7476a951dd3d6fb44a230c507f20 http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_s390.deb Size/MD5 checksum: 173076 c2cb8d4e8b9c5f0aaf3700e6efad34e8 http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_s390.udeb Size/MD5 checksum: 61936 c87e11d3c3759892c3d6b6f418c2bb95 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_sparc.udeb Size/MD5 checksum: 57658 13a0ac88f44285d0d86dcd38d3deff70 http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 133572 8bab47cce6aabb7d2038c6d528ff02a3 http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 23164 4a504bfeb56ecce8f1b7aaaee11b138b http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 171696 8e6d324c284db7a61854d544cb49418e http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 125636 1ab1d2f419627c15d5fb557c515937f6 http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 216610 ec3f0144dd15d23fb9bc188b52a26f78 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFLJ++jbxelr8HyTqQRAne2AJ0XhVqrv1+W8I5uFhFjeybYIrvTAwCgoWfG FASZTGkJPeI/o5ja76ls01w= =XgUm -----END PGP SIGNATURE-----