Security Information / 2012 / Security Information -- DSA-2525-1 expat

Debian Security Advisory

DSA-2525-1 expat -- several vulnerabilities

Date Reported:

06 Aug 2012

Affected Packages:

expat

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0876, CVE-2012-1148.

More information:

It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.1-7+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 2.1.0~beta3-1.

For the unstable distribution (sid), this problem has been fixed in version 2.1.0~beta3-1.

We recommend that you upgrade your expat packages.