Fedora 10: expat Security Update

    Date 04 Dec 2009
    174
    Posted By LinuxSecurity Advisories
    A buffer over-read flaw was found in the way Expat handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560)
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12690
    2009-12-04 22:41:54
    --------------------------------------------------------------------------------
    
    Name        : expat
    Product     : Fedora 10
    Version     : 2.0.1
    Release     : 8.fc10
    URL         : https://www.libexpat.org/
    Summary     : An XML parser library
    Description :
    This is expat, the C library for parsing XML, written by James Clark. Expat
    is a stream oriented XML parser. This means that you register handlers with
    the parser prior to starting the parse. These handlers are called when the
    parser discovers the associated structures in the document being parsed. A
    start tag is an example of the kind of structures for which you may
    register handlers.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    A buffer over-read flaw was found in the way Expat handles malformed UTF-8
    sequences when processing XML files. A specially-crafted XML file could cause
    applications using Expat to crash while parsing the file. (CVE-2009-3560)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Dec  1 2009 Joe Orton  - 2.0.1-8
    - add security fix for CVE-2009-3560 (#533174)
    - run the test suite
    * Fri Oct 30 2009 Joe Orton  - 2.0.1-5.1
    - add security fix for CVE-2009-3720
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
            https://bugzilla.redhat.com/show_bug.cgi?id=533174
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update expat' at the command line.
    For more information, refer to "Managing Software with yum",
    available at https://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/fedora-package-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"97","type":"x","order":"1","pct":80.17,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":14.88,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":4.96,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.