Debian Security Advisory
DLA-1912-1 expat -- LTS security update
- Date Reported:
- 06 Sep 2019
- Affected Packages:
- expat
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-15903.
- More information:
-
It was discovered that there was a heap-based buffer overread vulnerability in expat, an XML parsing library.
- CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
For Debian 8
Jessie
, these problems have been fixed in version 2.1.0-6+deb8u6.We recommend that you upgrade your expat packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2019-15903