[USN-890-1] Expat vulnerabilities

By | 2010/01/20

The following security announcement applies to Expat. If you have Expat installed, please see below for details on the vulnerability and instructions on patching your system:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560).

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.