Fedora 11: expat Security Update

    Date04 Dec 2009
    CategoryFedora
    79
    Posted ByLinuxSecurity Advisories
    A buffer over-read flaw was found in the way Expat handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560)
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12716
    2009-12-04 22:42:28
    --------------------------------------------------------------------------------
    
    Name        : expat
    Product     : Fedora 11
    Version     : 2.0.1
    Release     : 8.fc11
    URL         : http://www.libexpat.org/
    Summary     : An XML parser library
    Description :
    This is expat, the C library for parsing XML, written by James Clark. Expat
    is a stream oriented XML parser. This means that you register handlers with
    the parser prior to starting the parse. These handlers are called when the
    parser discovers the associated structures in the document being parsed. A
    start tag is an example of the kind of structures for which you may
    register handlers.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    A buffer over-read flaw was found in the way Expat handles malformed UTF-8
    sequences when processing XML files. A specially-crafted XML file could cause
    applications using Expat to crash while parsing the file. (CVE-2009-3560)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Dec  1 2009 Joe Orton  - 2.0.1-8
    - add security fix for CVE-2009-3560 (#533174)
    - run the test suite
    * Fri Oct 30 2009 Joe Orton  - 2.0.1-6.1
    - add security fix for CVE-2009-3720
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
            https://bugzilla.redhat.com/show_bug.cgi?id=533174
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update expat' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.