Wind River Support Network

HomeDefectsLIN5-23297
Fixed

LIN5-23297 : Security Advisory - expat - CVE-2017-9233

Created: Jul 21, 2017    Updated: May 29, 2018
Resolved Date: Aug 16, 2017
Previous ID: LIN6-13236
Found In Version: 5.0.1.40
Fix Version: 5.0.1.41
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

An infinite loop vulnerability due to malformed XML in external entity was found in entityValueInitProcessor function affecting versions of Expat 2.2.0 and earlier.

Upstream patch:

https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f

External References:

https://libexpat.github.io/doc/cve-2017-9233/

Other Downloads


Live chat
Online