DSA-3898

[oss-security] 20170618 Expat 2.2.1 security fixes

99276

1039427

https://github.com/libexpat/libexpat/blob/master/expat/Changes

https://libexpat.github.io/doc/cve-2017-9233/

https://support.apple.com/HT208112

https://support.apple.com/HT208113

https://support.apple.com/HT208115

https://support.apple.com/HT208144

https://support.f5.com/csp/article/K03244804

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. (CVE-2017-9233)

Impact

BIG-IP

Administrative interfaces, such as iControl SOAP, are vulnerable to a denial-of-service (DoS) attack if a malicious XML document is uploaded to and processed by the BIG-IP system. The XML process in the data plane is not affected.

BIG-IQ

This XML external entity vulnerability may allow attackers to put the parser in an infinite loop using a malformed external entity definition.

The version of Apple iOS running on the mobile device is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208143 security advisory.

The remote host is running a version of macOS that is prior to 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - AppSandbox
 - AppleScript
 - Application Firewall
 - ATS
 - Audio
 - CFNetwork
 - CFNetwork Proxies
 - CFString
 - Captive Network Assistant
 - CoreAudio
 - CoreText
 - DesktopServices
 - Directory Utility
 - file
 - Fonts
 - fsck_msdos
 - HFS
 - Heimdal
 - HelpViewer
 - IOFireWireFamily
 - ImageIO
 - Installer
 - Kernel
 - kext tools
 - libarchive
 - libc
 - libexpat
 - Mail
 - Mail Drafts
 - ntp
 - Open Scripting Architecture
 - PCRE
 - Postfix
 - Quick Look
 - QuickTime
 - Remote Management
 - SQLite
 - Sandbox
 - Screen Lock
 - Security
 - Spotlight
 - WebKit
 - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Mitre reports :

An integer overflow during the parsing of XML using the Expat library.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

python release notes :

Multiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details.

New python packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security issues.

Python reports :

Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - AppSandbox
  - AppleScript
  - Application Firewall
  - ATS
  - Audio
  - CFNetwork
  - CFNetwork Proxies
  - CFString
  - Captive Network Assistant
  - CoreAudio
  - CoreText
  - DesktopServices
  - Directory Utility
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - IOFireWireFamily
  - ImageIO
  - Installer
  - Kernel
  - kext tools
  - libarchive
  - libc
  - libexpat
  - Mail
  - Mail Drafts
  - ntp
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - SQLite
  - Sandbox
  - Screen Lock
  - Security
  - Spotlight
  - WebKit
  - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

New python packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

This update for expat fixes the following issues :

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse leading to unexpected behaviour (bsc#1047240)

  - CVE-2017-9233: External Entity Vulnerability could lead     to denial of service (bsc#1047236)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for expat fixes the following issues :

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse leading to unexpected behaviour (bsc#1047240)

  - CVE-2017-9233: External Entity Vulnerability could lead     to denial of service (bsc#1047236)

This update was imported from the SUSE:SLE-12:Update update project.

It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2016-9063     Gustavo Grieco discovered an integer overflow flaw     during parsing of XML. An attacker can take advantage of     this flaw to cause a denial of service against an     application using the Expat library.

  - CVE-2017-9233     Rhodri James discovered an infinite loop vulnerability     within the entityValueInitProcessor() function while     parsing malformed XML in an external entity. An attacker     can take advantage of this flaw to cause a denial of     service against an application using the Expat library.

It was discovered that there was an infinite loop vulnerability in expat, a XML parsing C library :

https://libexpat.github.io/doc/cve-2017-9233/

For Debian 7 'Wheezy', this issue has been fixed in expat version 2.1.0-1+deb7u5.

We recommend that you upgrade your expat packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124206	F5 Networks BIG-IP : XML vulnerability (K03244804)	Nessus	F5 Networks Local Security Checks	medium
700542	Apple iOS < 11.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
110934	FreeBSD : expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)	Nessus	FreeBSD Local Security Checks	high
109594	FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)	Nessus	FreeBSD Local Security Checks	high
109583	Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)	Nessus	Slackware Local Security Checks	high
103796	FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30)	Nessus	FreeBSD Local Security Checks	high
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
103424	Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)	Nessus	Slackware Local Security Checks	high
102989	SUSE SLES11 Security Update : expat (SUSE-SU-2017:2375-1)	Nessus	SuSE Local Security Checks	high
102946	openSUSE Security Update : expat (openSUSE-2017-993)	Nessus	SuSE Local Security Checks	high
102854	SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:2299-1)	Nessus	SuSE Local Security Checks	high
101835	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : expat vulnerability (USN-3356-1)	Nessus	Ubuntu Local Security Checks	medium
101789	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2017-199-01)	Nessus	Slackware Local Security Checks	medium
101578	Fedora 26 : expat (2017-18601ad5d2)	Nessus	Fedora Local Security Checks	high
101509	Fedora 24 : expat (2017-a44f9aa38b)	Nessus	Fedora Local Security Checks	high
101499	Fedora 25 : expat (2017-2c5635cd97)	Nessus	Fedora Local Security Checks	high
101035	Debian DSA-3898-1 : expat - security update	Nessus	Debian Local Security Checks	high
100850	Debian DLA-990-1 : expat security update	Nessus	Debian Local Security Checks	medium

CVE-2017-9233

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins