Debian DSA-1953-1 : expat - denial of service
Medium Nessus Plugin ID 44818
SynopsisThe remote Debian host is missing a security-related update.
DescriptionJan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
SolutionUpgrade the expat packages.
For the oldstable distribution (etch), this problem has been fixed in version 1.95.8-3.4+etch2.
For the stable distribution (lenny), this problem has been fixed in version 2.0.1-4+lenny2.
The builds for the mipsel architecture for the oldstable distribution are not included yet. They will be released when they become available.