Errata ID: AXSA:2020-569:02

Release date: Monday, October 5, 2020 - 10:50
Affected Channels: Asianux Server 7 for x86_64

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.9 Release Notes linked from the References section.

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.


Update packages.

Additional Info: 



  1. expat-2.1.0-12.el7.src.rpm
    MD5: 58d0cb6575e4e9b727a63f61591d333b
    SHA-256: 6c61e111573bcada06afa291360c9b5516de58639cb58e58b70ebb6354100991
    Size: 568.58 kB

Asianux Server 7 for x86_64
  1. expat-2.1.0-12.el7.x86_64.rpm
    MD5: fc37bcdd09ab7d18e0ed382348f67ab9
    SHA-256: 45483f03450583f1e16ce3901612dafc12a6932a538ae7eb95e7197aa397db95
    Size: 79.79 kB
  2. expat-devel-2.1.0-12.el7.x86_64.rpm
    MD5: f5ffb6259f62f9892d9b3969113cd714
    SHA-256: 1abdf22fa6a39b1b413d864db10fb0973d3e57b6b21b8abcf3ca773cdab13ffa
    Size: 55.86 kB
  3. expat-2.1.0-12.el7.i686.rpm
    MD5: c45f9e01420121178c63b2e4936db817
    SHA-256: af72e33e7a9387e1d2a1d832a46ae3fd0e5fd11cacb3a69cc6b852d699545051
    Size: 79.70 kB
  4. expat-devel-2.1.0-12.el7.i686.rpm
    MD5: 75eca9daef847101736269c2d6886097
    SHA-256: 89bd02eb7d9f050ee595dae703ed0c6312dd9177cf5adb966f6ec7440cd156b9
    Size: 55.89 kB
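
The fixed build listed above is expat-2.1.0-12.el7, while the CVE text refers to upstream 2.2.7 and 2.2.8, so the fixes are backported and a check against the upstream version number alone will flag patched hosts. The following is an added example, not part of the original advisory: it compares an installed VERSION-RELEASE string (as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' expat`) with the fixed build using a simplified form of RPM's segment ordering. It assumes no epoch and no `~` or `^` in the strings, and the sample values are constructed.

```python
import re

# Fixed build named in this advisory (expat-2.1.0-12.el7.*.rpm).
FIXED_VR = "2.1.0-12.el7"


def _segments(s):
    # RPM compares runs of digits or letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 using RPM's segment-wise ordering (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare, leading zeros ignored
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True if the installed VERSION-RELEASE is at or above the fixed build."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    c = rpmvercmp(iv, fv)
    if c == 0:
        c = rpmvercmp(ir, fr)
    return c >= 0


if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    for vr in ("2.1.0-10.el7_3", "2.1.0-11.el7", "2.1.0-12.el7", "2.1.0-14.el7_9"):
        state = "at or above fixed build" if is_fixed(vr) else "below fixed build"
        print(f"expat-{vr}: {state}")
```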