From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1953-1                  [email protected]
http://www.debian.org/security/                           Stefan Fritsch
December 15, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : expat
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-3560
Debian Bug : 560901
Jan Lieskovsky discovered an error in expat, an XML parsing C library,
when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
For the old stable distribution (etch), this problem has been fixed in
version 1.95.8-3.4+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 2.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed in version 2.0.1-6.
The builds for the mipsel architecture for the old stable distribution
are not included yet. They will be released when they become available.
We recommend that you upgrade your expat packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
- -------------------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc.
[continued in next message]