Fedora 30: expat FEDORA-2019-18868e1715

    Date: 09 Jul 2019
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-18868e1715
    2019-07-10 00:51:11.941556
    --------------------------------------------------------------------------------
    
    Name        : expat
    Product     : Fedora 30
    Version     : 2.2.7
    Release     : 1.fc30
    URL         : https://libexpat.github.io/
    Summary     : An XML parser library
    Description :
    This is expat, the C library for parsing XML, written by James Clark. Expat
    is a stream oriented XML parser. This means that you register handlers with
    the parser prior to starting the parse. These handlers are called when the
    parser discovers the associated structures in the document being parsed. A
    start tag is an example of the kind of structures for which you may
    register handlers.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update includes a fix for a security vulnerability, CVE-2018-20843:

    > Fix extraction of namespace prefixes from XML names; XML names with multiple
    > colons could end up in the wrong namespace, and take a high amount of RAM and
    > CPU resources while processing, opening the door to use for denial-of-service
    > attacks

    For more information on the changes in 2.2.7, see the upstream release
    notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Jun 27 2019 Joe Orton - 2.2.7-1
    - update to 2.2.7 (#1723724, #1722224)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1723724 - CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1723724
      [ 2 ] Bug #1722224 - expat-2.2.7 is available
            https://bugzilla.redhat.com/show_bug.cgi?id=1722224
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-18868e1715' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
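One way to confirm the fix after running the upgrade, as an added example that is not part of the Fedora notification: it compares each installed expat build against the 2.2.7-1.fc30 build named above. The function names, and the use of `sort -V` as a stand-in for RPM's own version comparison, are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the installed expat is at or above the fixed build.
# Fixed build taken from this advisory (Version 2.2.7, Release 1.fc30).
FIXED_BUILD="2.2.7-1.fc30"

# expat_is_fixed VERSION-RELEASE
# Returns 0 if the build sorts at or above FIXED_BUILD, 1 if it is older.
# Assumption: `sort -V` approximates RPM ordering for plain version-release
# strings like these (no epoch, tilde or caret).
expat_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_BUILD" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_BUILD" ]
}

# audit_builds: read "VERSION-RELEASE ARCH" lines on stdin, print a verdict per
# line, and return 1 if any build is older than the fix. Multilib systems can
# carry x86_64 and i686 copies at different versions, so every line is checked.
audit_builds() {
    rc=0
    while read -r build arch; do
        [ -n "$build" ] || continue
        if expat_is_fixed "$build"; then
            echo "OK          expat-$build.$arch"
        else
            echo "VULNERABLE  expat-$build.$arch (needs >= $FIXED_BUILD)"
            rc=1
        fi
    done
    return "$rc"
}

# On an RPM-based host, audit what is actually installed.
if command -v rpm >/dev/null 2>&1; then
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE} %{ARCH}\n' expat); then
        printf '%s\n' "$installed" | audit_builds || echo "run the dnf upgrade above"
    else
        echo "expat is not installed"
    fi
fi
```

Processes that loaded libexpat before the upgrade keep the old copy mapped until they are restarted.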