
Debian: DSA-3898-1 Critical: Expat DoS Issues and Fixes

June 25, 2017
Debian Security Advisory DSA-3899-1 discusses vulnerabilities in LibXML2 that could allow unauthorized access to system resources.
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library.

Summary


CVE-2016-9063

Gustavo Grieco discovered an integer overflow flaw during parsing of
XML. An attacker can take advantage of this flaw to cause a denial
of service against an application using the Expat library.

CVE-2017-9233

Rhodri James discovered an infinite loop vulnerability within the
entityValueInitProcessor() function while parsing malformed XML
in an external entity. An attacker can take advantage of this
flaw to cause a denial of service against an application using
the Expat library.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.1.0-6+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.0-2+deb9u1. For the stable distribution (stretch),
CVE-2016-9063 was already fixed before the initial release.

For the testing distribution (buster), these problems have been fixed
in version 2.2.1-1 or an earlier version.

For the unstable distribution (sid), these problems have been fixed in
version 2.2...


Severity: critical

Package: expat
CVE ID: CVE-2016-9063 CVE-2017-9233
