Debian Security Advisory

DSA-3898-1 expat -- security update

Date Reported:
25 Jun 2017
Affected Packages:
expat
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-9063, CVE-2017-9233.
More information:

Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2016-9063

    Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.

  • CVE-2017-9233

    Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.

For the oldstable distribution (jessie), these problems have been fixed in version 2.1.0-6+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 2.2.0-2+deb9u1. For the stable distribution (stretch), CVE-2016-9063 was already fixed before the initial release.

For the testing distribution (buster), these problems have been fixed in version 2.2.1-1 or an earlier version.

For the unstable distribution (sid), these problems have been fixed in version 2.2.1-1 or an earlier version.

We recommend that you upgrade your expat packages.