Advisories » MGASA-2017-0214

Updated expat packages fix security vulnerabilities

Publication date: 23 Jul 2017
Modification date: 23 Jul 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9063, CVE-2017-9233

Description

Gustavo Grieco discovered an integer overflow flaw during parsing of
XML. An attacker can take advantage of this flaw to cause a denial of
service against an application using the Expat library (CVE-2016-9063).

Rhodri James discovered an infinite loop vulnerability within the
entityValueInitProcessor() function while parsing malformed XML in an
external entity. An attacker can take advantage of this flaw to cause a
denial of service against an application using the Expat library
(CVE-2017-9233).

References

SRPMS

5/core