Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 3898-1 (expat - security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library. CVE-2017-9233 Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.
Affected Software
Affected Software
expat on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the oldstable distribution (jessie), these problems have been fixed in version 2.1.0-6+deb8u4. For the stable distribution (stretch), these problems have been fixed in version 2.2.0-2+deb9u1. For the stable distribution (stretch), CVE-2016-9063 was already fixed before the initial release. For the testing distribution (buster), these problems have been fixed in version 2.2.1-1 or earlier version. For the unstable distribution (sid), these problems have been fixed in version 2.2.1-1 or earlier version. We recommend that you upgrade your expat packages.