  • [SECURITY] [DSA-1953-2] New expat packages fix regression (1/3)

    From Stefan Fritsch@1:229/2 to All on Thu Dec 31 15:20:01 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1953-2                  [email protected]
    http://www.debian.org/security/                           Stefan Fritsch
    December 31, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : expat
    Vulnerability : denial of service
    Problem type : remote
    Debian-specific: no
    CVE Id : CVE-2009-3560
    Debian Bug : 560901 561658

    The expat updates released in DSA-1953-1 caused a regression: In some
    cases, expat would abort with the message "error in processing external
    entity reference".

    For the old stable distribution (etch), this problem has been fixed in
    version 1.95.8-3.4+etch3.

    For the stable distribution (lenny), this problem has been fixed in
    version 2.0.1-4+lenny3.

    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem will be fixed soon.

    We recommend that you upgrade your expat packages.

    For reference, the original advisory text is provided below.

    Jan Lieskovsky discovered an error in expat, an XML parsing C library,
    when parsing certain UTF-8 sequences, which can be exploited to crash an
    application using the library.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch (oldstable)
    - -------------------------------------------

    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)