Nacionalni CERT

Security vulnerabilities in the expat software package

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-18601ad5d2<br />2017-07-14 11:45:23.815496<br />--------------------------------------------------------------------------------<br /><br />Name : expat<br />Product : Fedora 26<br />Version : 2.2.1<br />Release : 1.fc26<br />URL : https://libexpat.github.io/<br />Summary : An XML parser library<br />Description :<br />This is expat, the C library for parsing XML, written by James Clark. Expat<br />is a stream oriented XML parser. This means that you register handlers with<br />the parser prior to starting the parse. These handlers are called when the<br />parser discovers the associated structures in the document being parsed. A<br />start tag is an example of the kind of structures for which you may<br />register handlers.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1462756 - CVE-2016-9063 expat: firefox: Possible integer overflow to fix inside XML_Parse in Expat [fedora-all]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1462756<br /> [ 2 ] Bug #1462735 - CVE-2017-9233 expat: Infinite loop due to invalid XML in external entity [fedora-all]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1462735<br /> [ 3 ] Bug #1462474 - expat-2.2.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1462474<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program.
Use<br />su -c 'dnf upgrade expat' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab...<br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
Security vulnerabilities have been discovered in the expat software package for the Fedora operating system. The discovered vulnerabilities allow potential attackers to execute arbitrary code. Updating with the released patches is advised.