FEDORA-2019-18868e1715 created by jorton 11 months ago for Fedora 30
stable

This update includes a fix for a security vulnerability, CVE-2018-20843:

Fix extraction of namespace prefixes from XML names. XML names with multiple colons could end up in the wrong namespace and consume a high amount of RAM and CPU resources while being processed, which opens the door to denial-of-service attacks.

For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5

How to install

sudo dnf upgrade --advisory=FEDORA-2019-18868e1715

This update has been submitted for testing by jorton.

11 months ago

This update test gating status has been changed to 'waiting'.

11 months ago

This update test gating status has been changed to 'ignored'.

11 months ago

This update has been pushed to testing.

11 months ago
bojan provided feedback 11 months ago
BZ#1722224 expat-2.2.7 is available
pwalter commented & provided feedback 10 months ago

Works

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago


Metadata
Type: security
Severity: medium
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: 11 months ago
in testing: 11 months ago
in stable: 10 months ago
BZ#1722224 expat-2.2.7 is available
BZ#1723724 CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS [fedora-all]
