First published: Sat Jan 17 2009
Peter Valchev discovered a flaw in the way expat handled malformed UTF-8 sequences when processing XML files. Incorrect UTF-8 sequences could cause expat to fail to properly detect the end of input and continue reading past the end of the input buffer. This results in a crash once reading reaches unmapped memory.

Non-public upstream bug report: http://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127

Contents of the report leaked via expat-bugs mailing list posts: http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html

Upstream patch: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936
https://bugs.gentoo.org/show_bug.cgi?id=280615

Credit: secalert@redhat.com
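
The failure mode described above, as an added C illustration (not expat's code and not the upstream patch): a bounded UTF-8 scanner that reports a truncated multi-byte sequence instead of stepping past the end of the buffer. The function names and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

enum scan_result { SCAN_OK = 0, SCAN_INVALID = -1, SCAN_PARTIAL = -2 };

/* Total sequence length promised by a UTF-8 lead byte; 0 if it cannot start one. */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0; /* stray continuation byte or invalid lead */
}

/* Structural scan of buf[0..len); never reads at or past buf + len.
 * *consumed receives the length of the leading run of complete sequences.
 * Overlong forms and surrogates are not rejected; that is out of scope here. */
enum scan_result utf8_scan(const unsigned char *buf, size_t len, size_t *consumed)
{
    const unsigned char *p = buf, *end = buf + len;
    enum scan_result r = SCAN_OK;
    while (p < end) {
        size_t i, n = utf8_seq_len(*p);
        if (n == 0) { r = SCAN_INVALID; break; }
        /* Without this check, p += n can step over end; a loop that tests
         * p != end would then never stop at the end of the buffer. */
        if ((size_t)(end - p) < n) { r = SCAN_PARTIAL; break; }
        for (i = 1; i < n && (p[i] & 0xC0) == 0x80; i++)
            ;
        if (i < n) { r = SCAN_INVALID; break; }
        p += n;
    }
    *consumed = (size_t)(p - buf);
    return r;
}

/* Wrappers used with the constructed samples. */
enum scan_result utf8_check(const char *s, size_t len)
{ size_t c; return utf8_scan((const unsigned char *)s, len, &c); }
size_t utf8_prefix(const char *s, size_t len)
{ size_t c; utf8_scan((const unsigned char *)s, len, &c); return c; }

int main(void)
{
    /* Constructed sample: "ab" followed by a 3-byte sequence cut after 2 bytes. */
    printf("result=%d prefix=%zu\n", (int)utf8_check("ab\xE2\x82", 4), utf8_prefix("ab\xE2\x82", 4));
    return 0;
}
```
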
Affected Software | Affected Version | How to fix |
---|---|---|
James Clark Expat | =2.0.1 | |
A M Kuchling Pyxml | ||
Python Python | ||
redhat/expat | <0:1.95.7-4.el4_8.2 | 0:1.95.7-4.el4_8.2 |
redhat/python | <0:2.3.4-14.10.el4 | 0:2.3.4-14.10.el4 |
redhat/expat | <0:1.95.8-8.3.el5_4.2 | 0:1.95.8-8.3.el5_4.2 |
redhat/python | <0:2.4.3-44.el5 | 0:2.4.3-44.el5 |
redhat/expat | <2.1.0 | 2.1.0 |
All of | ||
Libexpat Project Libexpat | =2.0.1 | |
Any of | ||
A M Kuchling Pyxml | ||
Python Python | ||
Apache HTTP server | >=2.0.35 <2.0.64 | |
Apache HTTP server | >=2.2.0 <2.2.17 | |
IBM Engineering Requirements Management DOORS | <=9.7.2.8 | |
IBM Engineering Requirements Management DOORS Web Access | <=9.7.2.8 | |
IBM IBM® Rational DOORS/DOORS Web Access | <=9.6.1.x | |