Note: This is an archival copy of Security Sun Alert 273630 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021686.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple Security Vulnerabilities in the libexpat Library May Lead to a Denial of Service (DoS) Condition
Multiple security vulnerabilities have been identified in libexpat, a library for parsing XML files. These vulnerabilities may allow a local or remote unprivileged user to create a crafted XML file that may cause an application linked with libexpat to crash, resulting in a Denial of Service (DoS) condition.
Additional information regarding these issues is available at:
CVE-2009-3720 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
CVE-2009-3560 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
2. Contributing Factors
These issues can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
3. Symptoms
If the described issues have been exploited, the application which makes use of the libexpat library will crash, potentially leaving a core file depending on the system configuration.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
14-Dec-2009: Updated Contributing Factors and Resolution sections; now Resolved