|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:211
http://www.mandriva.com/security/
_______________________________________________________________________
Package : expat
Date : August 23, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update fixes this vulnerability.
_______________________________________________________________________
References:
https://bugs.gentoo.org/show_bug.cgi?id=280615
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
2181b28d804e6a33c07d1369ac34381f 2008.1/i586/expat-2.0.1-6.1mdv2008.1.i586.rpm
ce96e8fb6660cd1a7d9a2e1a72ad0bb2 2008.1/i586/libexpat1-2.0.1-6.1mdv2008.1.i586.rpm
0657eb1a9fa861a854a336039f736823 2008.1/i586/libexpat1-devel-2.0.1-6.1mdv2008.1.i586.rpm
f8803e21a02d9dbb434c903f33743c33 2008.1/SRPMS/expat-2.0.1-6.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
924f2ccbc644a463446e3c89da0cae02 2008.1/x86_64/expat-2.0.1-6.1mdv2008.1.x86_64.rpm
87aa4714f2b4a9a85584c4ea53e01458 2008.1/x86_64/lib64expat1-2.0.1-6.1mdv2008.1.x86_64.rpm
0b3b9d8fade37a8e84a9301071a4c2ca 2008.1/x86_64/lib64expat1-devel-2.0.1-6.1mdv2008.1.x86_64.rpm
f8803e21a02d9dbb434c903f33743c33 2008.1/SRPMS/expat-2.0.1-6.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
0e8bc1a07fc860c1dec006eefc561168 2009.0/i586/expat-2.0.1-7.1mdv2009.0.i586.rpm
89bc879a2ddc2c1d66a61bf98aec412e 2009.0/i586/libexpat1-2.0.1-7.1mdv2009.0.i586.rpm
2c0190d81a5ba7aeac080590dae19c1f 2009.0/i586/libexpat1-devel-2.0.1-7.1mdv2009.0.i586.rpm
f7455a677794c15ed12ff422cb15ee5b 2009.0/SRPMS/expat-2.0.1-7.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
a0a31e8488c957af356837979c9744a8 2009.0/x86_64/expat-2.0.1-7.1mdv2009.0.x86_64.rpm
98962e50eda12a034dc33c0a63ed4bcd 2009.0/x86_64/lib64expat1-2.0.1-7.1mdv2009.0.x86_64.rpm
1490a6e22c7be148c5b8124161c8af77 2009.0/x86_64/lib64expat1-devel-2.0.1-7.1mdv2009.0.x86_64.rpm
f7455a677794c15ed12ff422cb15ee5b 2009.0/SRPMS/expat-2.0.1-7.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
4a3596bf4412063c6ae66dc8683a4f9b 2009.1/i586/expat-2.0.1-8.1mdv2009.1.i586.rpm
deaaf243964c6a2474dcec09330fc9f2 2009.1/i586/libexpat1-2.0.1-8.1mdv2009.1.i586.rpm
e61bc3f518380208efef1e96957fe82b 2009.1/i586/libexpat1-devel-2.0.1-8.1mdv2009.1.i586.rpm
1714e6e953a636a670e0edb2b22a0609 2009.1/SRPMS/expat-2.0.1-8.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
c6da3c24dc9dd9a252bb9ad429fcce19 2009.1/x86_64/expat-2.0.1-8.1mdv2009.1.x86_64.rpm
403c2aab97db57186f874380cb0ae92e 2009.1/x86_64/lib64expat1-2.0.1-8.1mdv2009.1.x86_64.rpm
cb05ef127f3bf2a4932183b40327aa9e 2009.1/x86_64/lib64expat1-devel-2.0.1-8.1mdv2009.1.x86_64.rpm
1714e6e953a636a670e0edb2b22a0609 2009.1/SRPMS/expat-2.0.1-8.1mdv2009.1.src.rpm
Corporate 3.0:
e919c13542e3a132b4a583244575d4c3 corporate/3.0/i586/expat-1.95.6-4.1.C30mdk.i586.rpm
75904e11c8a4024d062d0c89c8ac8632 corporate/3.0/i586/libexpat0-1.95.6-4.1.C30mdk.i586.rpm
bdd6ba554e42e029cdaa84b4234ec11c corporate/3.0/i586/libexpat0-devel-1.95.6-4.1.C30mdk.i586.rpm
7dc8dc2309d8581ed940164de4d3d4b2 corporate/3.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
008a22f8ee7be70f8fd15b6da488eb80 corporate/3.0/x86_64/expat-1.95.6-4.1.C30mdk.x86_64.rpm
6cb25f21cdb04c23d7afe98922f45991 corporate/3.0/x86_64/lib64expat0-1.95.6-4.1.C30mdk.x86_64.rpm
8a3c52fdc2f968e02da8c3d601a4623f corporate/3.0/x86_64/lib64expat0-devel-1.95.6-4.1.C30mdk.x86_64.rpm
7dc8dc2309d8581ed940164de4d3d4b2 corporate/3.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm
Corporate 4.0:
f7ccfcb5fa238354660c949721e5517e corporate/4.0/i586/expat-1.95.8-1.1.20060mlcs4.i586.rpm
dc10209ef2ca50a2916b82d94642588f corporate/4.0/i586/libexpat0-1.95.8-1.1.20060mlcs4.i586.rpm
ba35ae7acdc791318b940503f2710de2 corporate/4.0/i586/libexpat0-devel-1.95.8-1.1.20060mlcs4.i586.rpm
ed7ae760e4c6d2a97bcdb80b9a8c3100 corporate/4.0/SRPMS/expat-1.95.8-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
824058717dab89a7feb0b8ca42261132 corporate/4.0/x86_64/expat-1.95.8-1.1.20060mlcs4.x86_64.rpm
7e3ae47825cf85c709072ed671d113c2 corporate/4.0/x86_64/lib64expat0-1.95.8-1.1.20060mlcs4.x86_64.rpm
332a358417c3688cc2f892c44142aac7 corporate/4.0/x86_64/lib64expat0-devel-1.95.8-1.1.20060mlcs4.x86_64.rpm
ed7ae760e4c6d2a97bcdb80b9a8c3100 corporate/4.0/SRPMS/expat-1.95.8-1.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
f3ee754080518a50dd02eb9d5117d9ed mes5/i586/expat-2.0.1-7.1mdvmes5.i586.rpm
3260998cf9124fb8c6b926c8e029f611 mes5/i586/libexpat1-2.0.1-7.1mdvmes5.i586.rpm
83b2639918048c8550a706992b24c721 mes5/i586/libexpat1-devel-2.0.1-7.1mdvmes5.i586.rpm
627e55a3b171bfadc534bce48e1e7df0 mes5/SRPMS/expat-2.0.1-7.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
7ed7a4ff0d119f3f8b04835e8b1444c3 mes5/x86_64/expat-2.0.1-7.1mdvmes5.x86_64.rpm
538d665ead102ab2627c946dc8dc24a4 mes5/x86_64/lib64expat1-2.0.1-7.1mdvmes5.x86_64.rpm
9067f6f0bfa0aa430310dd6c6ef4fecf mes5/x86_64/lib64expat1-devel-2.0.1-7.1mdvmes5.x86_64.rpm
627e55a3b171bfadc534bce48e1e7df0 mes5/SRPMS/expat-2.0.1-7.1mdvmes5.src.rpm
Multi Network Firewall 2.0:
cd948d7d4a17d3827a3d3f1df7f9df41 mnf/2.0/i586/expat-1.95.6-4.1.C30mdk.i586.rpm
29cb9b5d17c8526942dbca13a64ea6a5 mnf/2.0/i586/libexpat0-1.95.6-4.1.C30mdk.i586.rpm
6560352697766961d656e92eac8a5845 mnf/2.0/i586/libexpat0-devel-1.95.6-4.1.C30mdk.i586.rpm
95a9587cb54aabc712605bc09bf22a9a mnf/2.0/SRPMS/expat-1.95.6-4.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team