expat
===========================================================
Ubuntu Security Notice USN-890-1 January 20, 2010
expat vulnerabilities
CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Mandriva Linux Security Advisory MDVSA-2009:316-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : January 8, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
After a standard system upgrade you need to restart any applications linked
against XML-RPC for C and C++ to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for XML-RPC for C and C++.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
Debian Security Advisory DSA-1953-2 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
December 31, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : expat
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-3560
Debian Bug : 560901 561658
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for CMake.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
Ubuntu 9.10:
python2.5 2.5.4-1ubuntu6.1
python2.5-minimal 2.5.4-1ubuntu6.1
After a standard system upgrade you need to restart any Python applications
that use the PyExpat module to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.5.
Ubuntu 9.10:
python2.4 2.4.6-1ubuntu3.2.9.10.1
python2.4-minimal 2.4.6-1ubuntu3.2.9.10.1
After a standard system upgrade you need to restart any Python 2.4
applications that use the PyExpat module to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.4.
After a standard system upgrade you need to restart any applications that
use PyXML to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
ESX Service Console updates for newt, nfs-utils, and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
bind, expat, openssh, ntp and kernel packages.
2. Relevant releases
VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
ESX400-201002406-SG
Mandriva Linux Security Advisory MDVSA-2009:316
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : December 5, 2009
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:316-3
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : January 10, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1921-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
October 28, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : expat
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-2625
Debian Bug : 551936
Mandriva Linux Security Advisory MDVSA-2009:316-2
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : January 9, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Debian Security Advisory DSA-1953-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
December 15, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : expat
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-3560
Debian Bug : 560901
Mandriva Linux Security Advisory MDVSA-2009:211-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : December 4, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:211
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : August 23, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Thunderbird:
Security issues in thunderbird could lead to a man-in-the-middle
attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not
vulnerable to these issues.
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update provides the latest versions of the NSS and NSPR libraries
and Thunderbird which are not vulnerable to these issues.
Thunderbird:
Security issues in thunderbird could lead to a man-in-the-middle
attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not
vulnerable to these issues.
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses
the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to
cause a denial of service (memory consumption) via a crafted XML
document containing a large number of nested entity references, as
demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update fixes this vulnerability.
_______________________________________________________________________
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
Additionally on 2009.0 a patch was added to prevent kompozer from
crashing (#44830), on 2009.1 a format string patch was added to make
* Matthew Palmer reported a heap-based buffer underflow while
compiling search patterns in the apr_strmatch_precompile() function
in strmatch/apr_strmatch.c (CVE-2009-0023).
* kcope reported that the expat XML parser in xml/apr_xml.c does not
limit the amount of XML entities expanded recursively
(CVE-2009-1955).
* C. Michael Pilato reported an off-by-one error in the
apr_brigade_vprintf() function in buckets/apr_brigade.c
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses
the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to
cause a denial of service (memory consumption) via a crafted XML
document containing a large number of nested entity references, as
demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Debian-specific: no
CVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720
Debian Bug : 493797 560912 560913
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy
in the interpreter for the Python language, does not properly process malformed or
crafted XML files. (CVE-2009-3560 CVE-2009-3720)
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Affected: 2008.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update fixes this vulnerability.
_______________________________________________________________________
Thunderbird:
Security issues in thunderbird could lead to a man-in-the-middle
attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not
vulnerable to these issues.