[SECURITY] [DSA 2525-1] expat security update

2012-08-0620:37:11

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Debian Security Advisory DSA-2525-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
August 06, 2012 http://www.debian.org/security/faq

Package : expat
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-0876 CVE-2012-1148

It was discovered that Expat, a C library to parse XML, is vulnerable
to denial of service through hash collisions and a memory leak in
pool handling.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.1-7+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.1.0~beta3-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.0~beta3-1.

We recommend that you upgrade your expat packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6i386lib64expat1-dev< 2.0.1-7+squeeze1lib64expat1-dev_2.0.1-7+squeeze1_i386.deb
Debian6i386libexpat1-dev< 2.0.1-7+squeeze1libexpat1-dev_2.0.1-7+squeeze1_i386.deb
Debian6powerpclibexpat1-udeb< 2.0.1-7+squeeze1libexpat1-udeb_2.0.1-7+squeeze1_powerpc.deb
Debian6s390lib64expat1-dev< 2.0.1-7+squeeze1lib64expat1-dev_2.0.1-7+squeeze1_s390.deb
Debian6kfreebsd-i386libexpat1< 2.0.1-7+squeeze1libexpat1_2.0.1-7+squeeze1_kfreebsd-i386.deb
Debian6armellibexpat1-dev< 2.0.1-7+squeeze1libexpat1-dev_2.0.1-7+squeeze1_armel.deb
Debian6kfreebsd-i386libexpat1-dev< 2.0.1-7+squeeze1libexpat1-dev_2.0.1-7+squeeze1_kfreebsd-i386.deb
Debian6amd64libexpat1-dev< 2.0.1-7+squeeze1libexpat1-dev_2.0.1-7+squeeze1_amd64.deb
Debian6sparclibexpat1< 2.0.1-7+squeeze1libexpat1_2.0.1-7+squeeze1_sparc.deb
Debian6mipslibexpat1< 2.0.1-7+squeeze1libexpat1_2.0.1-7+squeeze1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	i386	lib64expat1-dev	< 2.0.1-7+squeeze1	lib64expat1-dev_2.0.1-7+squeeze1_i386.deb
Debian	6	i386	libexpat1-dev	< 2.0.1-7+squeeze1	libexpat1-dev_2.0.1-7+squeeze1_i386.deb
Debian	6	powerpc	libexpat1-udeb	< 2.0.1-7+squeeze1	libexpat1-udeb_2.0.1-7+squeeze1_powerpc.deb
Debian	6	s390	lib64expat1-dev	< 2.0.1-7+squeeze1	lib64expat1-dev_2.0.1-7+squeeze1_s390.deb
Debian	6	kfreebsd-i386	libexpat1	< 2.0.1-7+squeeze1	libexpat1_2.0.1-7+squeeze1_kfreebsd-i386.deb
Debian	6	armel	libexpat1-dev	< 2.0.1-7+squeeze1	libexpat1-dev_2.0.1-7+squeeze1_armel.deb
Debian	6	kfreebsd-i386	libexpat1-dev	< 2.0.1-7+squeeze1	libexpat1-dev_2.0.1-7+squeeze1_kfreebsd-i386.deb
Debian	6	amd64	libexpat1-dev	< 2.0.1-7+squeeze1	libexpat1-dev_2.0.1-7+squeeze1_amd64.deb
Debian	6	sparc	libexpat1	< 2.0.1-7+squeeze1	libexpat1_2.0.1-7+squeeze1_sparc.deb
Debian	6	mips	libexpat1	< 2.0.1-7+squeeze1	libexpat1_2.0.1-7+squeeze1_mips.deb