FEDORA-2019-139fcda84d created by jorton 11 months ago for Fedora 29
stable

This update includes a fix for a security vulnerability, CVE-2018-20843:

This release fixes the extraction of namespace prefixes from XML names. XML names with multiple colons could end up in the wrong namespace and consume a high amount of RAM and CPU resources during processing, which opened the door to denial-of-service attacks.

For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5

How to install

sudo dnf upgrade --advisory=FEDORA-2019-139fcda84d

This update has been submitted for testing by jorton.

11 months ago

This update test gating status has been changed to 'waiting'.

11 months ago

This update test gating status has been changed to 'ignored'.

11 months ago

This update has been pushed to testing.

11 months ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

10 months ago

jorton edited this update.

10 months ago

This update has been submitted for stable by jorton.

10 months ago

This update has been pushed to stable.

10 months ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3

Dates
submitted: 11 months ago
in testing: 11 months ago
in stable: 10 months ago
modified: 10 months ago

BZ#1722224 expat-2.2.7 is available
BZ#1723724 CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS [fedora-all]