FEDORA-2019-139fcda84d

security update in Fedora 29 for expat

Status: stable 3 months ago

This update includes a fix for a security vulnerability, CVE-2018-20843:

Fix extraction of namespace prefixes from XML names. XML names with multiple colons could end up in the wrong namespace and consume a large amount of RAM and CPU while being processed, opening the door to denial-of-service attacks.

For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5

How to install

sudo dnf upgrade --advisory=FEDORA-2019-139fcda84d

Comments 8

This update has been submitted for testing by jorton.

This update test gating status has been changed to 'waiting'.

This update test gating status has been changed to 'ignored'.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

jorton edited this update.

This update has been submitted for stable by jorton.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
submitted 4 months ago
in testing 4 months ago
in stable 3 months ago
modified 3 months ago

Related Bugs 2

#1722224 expat-2.2.7 is available
#1723724 CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS [fedora-all]
