[SECURITY] [DLA 483-1] expat security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 483-1] expat security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 19 May 2016 22:04:46 +0200
Message-id: <[🔎] 573E1C5E.1050104@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : expat
Version        : 2.1.0-1+deb7u3
CVE ID         : CVE-2016-0718

Gustavo Grieco discovered that Expat, a XML parsing C library, does not
properly handle certain kinds of malformed input documents, resulting in
buffer overflows during processing and error reporting. A remote
attacker can take advantage of this flaw to cause an application using
the Expat library to crash, or potentially, to execute arbitrary code
with the privileges of the user running the application.


For Debian 7 "Wheezy", these problems have been fixed in version
2.1.0-1+deb7u3.

We recommend that you upgrade your expat packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXPhxeXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkqQwP/AyhO1o8Ic/uvthmtKqJkfpC
i5pWOcBeftrma6vTMC9FcxQvRgy66tO43R67E5Y0cPBTkR20qXES1RMYnA1ncv0J
7X45M+4xNuV1PSCnGSOxf8KnbddLc1AQ3FQI4v+LRMSZH5F/eGUgrGAcqqsCK5lA
jgr+sqa4EGyO6tnsqLdGNqwzU5i6hmIDzedS9nqxUVTrbbIRuA+sY5XVfGxlgszA
NIw1b04VL10XnL8QNA8ZR4FDMYVZ6nRY1AEumjGlNI5F48TN3D8sPXyAe94axR5S
rRF8U3eBrxjnSnLtQqnNWzMyWUuG0GqhqgIQRlN6DEobPYFhUtkmH8JymhnOyVP4
B3Ex65F6mW1XlS4SSm+gOq+LZSDjLjmxxtsRGpXWXxWknRcWI1NXOCxxtkK3b9TU
xsHNygy5HlYYWyJyr0/jL72Jo70DNXr+HrQ30M74Lpom7qDaQAz8UvXGjcTxfhgo
Ktk1jOjdApN9Xkyu2YaghFCcwxrtWxfHZIhAPK5ZDmnC9AIvx8Of/zS52IfYzxhi
6dBTs469djsMKnsFuJYFf1lpnPCdi6ZXsjs4TKAshyPYJqTX1fvWW3L4IyEI54PH
15vIbIGBV8UDdS/KQx38qkw48UjI4PvSfATbEQrY7FB2Owp9vUyLAFhd6d2HKoS8
C315BkNQLNU5VjIYxz7X
=SHcg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 482-1] libgd2 security update
Next by Date: [SECURITY] [DLA 484-1] graphicsmagick security update
Previous by thread: [SECURITY] [DLA 482-1] libgd2 security update
Next by thread: [SECURITY] [DLA 484-1] graphicsmagick security update
Index(es):
- Date
- Thread