Wind River Support Network

HomeDefectsLIN8-7145

Fixed

LIN8-7145 : Security Advisory - expat - CVE-2017-9233

Created: Jul 21, 2017 Updated: Dec 3, 2018

Resolved Date: Jul 28, 2017

Previous ID: LIN6-13238

Found In Version: 8.0.0.19

Fix Version: 8.0.0.20

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

An infinite loop vulnerability due to malformed XML in external entity was found in entityValueInitProcessor function affecting versions of Expat 2.2.0 and earlier.

Upstream patch:

https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f

External References:

https://libexpat.github.io/doc/cve-2017-9233/

Other Downloads

Wind River Linux 8.0.0.20
Wind River Linux 8.0.0.21
Wind River Linux 8.0.0.22
Wind River Linux 8.0.0.23
Wind River Linux 8.0.0.24
Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2017-9233