 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 8 Dec 2009 11:06:31 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: expat security update
Issue date: 2009-12-07
CVE Names: CVE-2009-3560 CVE-2009-3720
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed
UTF-8 sequences
CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML
with malformed UTF-8 sequences
Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
(CVE-2009-3560, CVE-2009-3720)
After installing the updated packages, applications using the Expat
library must be restarted for the update to take effect.
SL 3.0.x
SRPMS:
expat-1.95.5-6.2.src.rpm
i386:
expat-1.95.5-6.2.i386.rpm
expat-devel-1.95.5-6.2.i386.rpm
x86_64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.x86_64.rpm
expat-devel-1.95.5-6.2.x86_64.rpm
SL 4.x
SRPMS:
expat-1.95.7-4.el4_8.2.src.rpm
i386:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
x86_64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.x86_64.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.x86_64.rpm
SL 5.x
SRPMS:
expat-1.95.8-8.3.el5_4.2.src.rpm
i386:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm
x86_64:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-1.95.8-8.3.el5_4.2.x86_64.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
