SB2012092402 - Gentoo update for Expat

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2009-3560)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 within the The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used. A remote attacker can create a specially crafted file, pass it to the application, trigger out-of-bounds read error and crash the affected application.

2) Out-of-bounds read (CVE-ID: CVE-2009-3720)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625 within the The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used. A remote attacker can create a specially crafted file, pass it to the application, trigger out-of-bounds read error and crash the affected application.

3) Resource management error (CVE-ID: CVE-2012-0876)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4) Input validation error (CVE-ID: CVE-2012-1147)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

5) Memory leak (CVE-ID: CVE-2012-1148)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201209-06