The ChangeLog found at: http://sourceforge.net/projects/expat/files/expat/2.1.0/ references 5 CVEs fixed in that release, - CVE-2012-1147 - CVE-2009-3720 - CVE-2009-3560 - CVE-2012-1148 - CVE-2012-0876 The two CVEs from 2009 were fixed by Mandriva before the package was imported into Mageia. Mageia 1 and Mageia 2 (Cauldron) are vulnerable to the others. Mandriva has issued this advisory today (March 27): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:041 It references CVE-2012-1148 and CVE-2012-0876, but not CVE-2012-1147. Patches are here: http://svn.mandriva.com/svn/packages/updates/2010.1/expat/current/SOURCES/expat-2.0.1-CVE-2012-0876.diff http://svn.mandriva.com/svn/packages/updates/2010.1/expat/current/SOURCES/expat-2.0.1-CVE-2012-1148.diff
CC: (none) => mageia
Here is the patch for CVE-2012-1147: http://sourceforge.net/tracker/download.php?group_id=10127&atid=110127&file_id=350362&aid=2895533 Reference: http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2895533&group_id=10127
Blocks: (none) => 5046
Status: NEW => ASSIGNEDCC: (none) => guillomovitchAssignee: bugsquad => guillomovitch
2.1.0 version submitted for cauldron.
expat-2.0.1-14.1.mga submitted for updates_testing.
Did the Cauldron update get blocked by the version freeze?
Oh, I see. Freeze push requested.
Advisory ======================== Updated expat packages fix security vulnerabilities: A memory leak and a hash table collision flaw in expat could cause denial of service (DoS) attacks (CVE-2012-0876, CVE-2012-1148). A resource leak was caused by file descriptors not being closed in readfilemap.c, which could also cause a denial of service (CVE-2012-1147). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148 http://sourceforge.net/projects/expat/files/expat/2.1.0/ http://www.net-security.org/vuln.php?id=16267 http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:041 ======================== Updated packages in core/updates_testing: ======================== expat-2.0.1-14.1.mga1 libexpat1-2.0.1-14.1.mga1 libexpat1-devel-2.0.1-14.1.mga1 from expat-2.0.1-14.1.mga1.src.rpm
Assignee: guillomovitch => qa-bugs
Blocks: 5046 => (none)
Testing complete on i586 for the srpm expat-2.0.1-14.1.mga1.src.rpm No POC, so just testing that it works ... $ xmlwf /etc/xml/catalog $ xmlwf /etc/passwd /etc/passwd:1:16: not well-formed (invalid token)
CC: (none) => davidwhodgins
tested ok x86_64 Advisory in comment 6 Could sysadmin please push from core/updates_testing to core/updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
Update pushed
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED