Уязвимость CVE-2019-15903: Информация

Описание

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-15903

Опубликовано: 4 сентября 2019 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-125, CWE-776

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
chromium	sisyphus	78.0.3904.97-alt1	125.0.6422.141-alt1	ALT-PU-2019-3112-1	240509	Исправлено
chromium	p10	78.0.3904.97-alt1	119.0.6045.159-alt0.p10.1	ALT-PU-2019-3112-1	240509	Исправлено
chromium	p9	79.0.3945.79-alt1	97.0.4692.99-alt0.p9.1	ALT-PU-2020-1050-1	243936	Исправлено
chromium	c10f1	78.0.3904.97-alt1	110.0.5481.177-alt1.p10.1	ALT-PU-2019-3112-1	240509	Исправлено
chromium	c9f2	79.0.3945.79-alt1	84.0.4147.105-alt1.1.p9	ALT-PU-2020-1050-1	243936	Исправлено
chromium	p11	78.0.3904.97-alt1	125.0.6422.141-alt1	ALT-PU-2019-3112-1	240509	Исправлено
chromium-gost	sisyphus	80.0.3987.132-alt1	124.0.6367.78-alt1	ALT-PU-2020-1707-1	249793	Исправлено
chromium-gost	p10	80.0.3987.132-alt1	110.0.5481.177-alt1.p10.1	ALT-PU-2020-1707-1	249793	Исправлено
chromium-gost	p9	83.0.4103.61-alt2.M90P.1	96.0.4664.45-alt2.p9.1	ALT-PU-2020-2441-1	255237	Исправлено
chromium-gost	c10f1	80.0.3987.132-alt1	110.0.5481.177-alt1.p10.1	ALT-PU-2020-1707-1	249793	Исправлено
chromium-gost	c9f2	83.0.4103.61-alt2.M90P.1	96.0.4664.45-alt2.c9.1	ALT-PU-2020-2441-1	255237	Исправлено
chromium-gost	p11	80.0.3987.132-alt1	124.0.6367.78-alt1	ALT-PU-2020-1707-1	249793	Исправлено
expat	sisyphus	2.2.9-alt1	2.5.0-alt1	ALT-PU-2020-2053-1	252464	Исправлено
expat	p10	2.2.9-alt1	2.5.0-alt1	ALT-PU-2020-2053-1	252464	Исправлено
expat	p9	2.2.10-alt1	2.4.3-alt1	ALT-PU-2020-3273-1	261554	Исправлено
expat	c10f1	2.2.9-alt1	2.5.0-alt1	ALT-PU-2020-2053-1	252464	Исправлено
expat	c9f2	2.2.10-alt1	2.5.0-alt1	ALT-PU-2020-3264-1	261553	Исправлено
expat	p11	2.2.9-alt1	2.5.0-alt1	ALT-PU-2020-2053-1	252464	Исправлено
firefox	sisyphus	70.0.1-alt1	126.0.1-alt1	ALT-PU-2019-3087-1	240250	Исправлено
firefox	p10	70.0.1-alt1	118.0.2-alt0.p10.1	ALT-PU-2019-3087-1	240250	Исправлено
firefox	p9	72.0.2-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2020-1617-1	245893	Исправлено
firefox	c10f1	70.0.1-alt1	112.0.2-alt0.p10.1	ALT-PU-2019-3087-1	240250	Исправлено
firefox	c9f2	72.0.2-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2020-1617-1	245893	Исправлено
firefox	p11	70.0.1-alt1	126.0.1-alt1	ALT-PU-2019-3087-1	240250	Исправлено
firefox-esr	sisyphus	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Исправлено
firefox-esr	p10	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Исправлено
firefox-esr	p9	68.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-3106-1	240257	Исправлено
firefox-esr	p8	68.2.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2019-3218-1	242089	Исправлено
firefox-esr	c10f1	68.2.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2019-3056-1	239816	Исправлено
firefox-esr	c9f2	68.2.0-alt1	102.12.0-alt0.c9.1	ALT-PU-2019-3106-1	240257	Исправлено
firefox-esr	p11	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Исправлено
poco	sisyphus	1.9.4-alt1	1.12.5p1-alt1	ALT-PU-2019-2740-1	237722	Исправлено
poco	p10	1.9.4-alt1	1.12.4-alt2	ALT-PU-2019-2740-1	237722	Исправлено
poco	p9	1.9.4-alt1	1.9.4-alt1	ALT-PU-2019-2751-2	237870	Исправлено
poco	c10f1	1.9.4-alt1	1.12.4-alt2	ALT-PU-2019-2740-1	237722	Исправлено
poco	c9f2	1.9.4-alt1	1.9.4-alt1	ALT-PU-2019-2751-2	237870	Исправлено
poco	p11	1.9.4-alt1	1.12.5p1-alt1	ALT-PU-2019-2740-1	237722	Исправлено
python	sisyphus	2.7.17-alt1	2.7.18-alt11	ALT-PU-2019-3103-1	240064	Исправлено
python	p10	2.7.17-alt1	2.7.18-alt10	ALT-PU-2019-3103-1	240064	Исправлено
python	c10f1	2.7.17-alt1	2.7.18-alt10	ALT-PU-2019-3103-1	240064	Исправлено
python	c9f2	2.7.18-alt0.M90P.1	2.7.18-alt0.MC9.1	ALT-PU-2020-3318-1	261853	Исправлено
python	p11	2.7.17-alt1	2.7.18-alt11	ALT-PU-2019-3103-1	240064	Исправлено
python3	sisyphus	3.8.1-alt1	3.12.2-alt1	ALT-PU-2020-1434-1	245000	Исправлено
python3	p10	3.8.1-alt1	3.9.18-alt1	ALT-PU-2020-1434-1	245000	Исправлено
python3	p9	3.7.11-alt1	3.7.17-alt1	ALT-PU-2021-2653-1	273501	Исправлено
python3	c10f1	3.8.1-alt1	3.9.18-alt0.c10f1.1	ALT-PU-2020-1434-1	245000	Исправлено
python3	c9f2	3.7.17-alt1	3.7.17-alt1	ALT-PU-2024-3474-2	342077	Исправлено
python3	p11	3.8.1-alt1	3.12.2-alt1	ALT-PU-2020-1434-1	245000	Исправлено
thunderbird	sisyphus	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Исправлено
thunderbird	p10	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Исправлено
thunderbird	p9	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Исправлено
thunderbird	c10f1	68.4.2-alt1	115.9.0-alt0.c10.1	ALT-PU-2020-1166-1	243898	Исправлено
thunderbird	c9f2	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Исправлено
thunderbird	p11	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://github.com/libexpat/libexpat/pull/318	Issue Tracking Patch Third Party Advisory
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43	Patch Third Party Advisory
https://github.com/libexpat/libexpat/issues/317	Exploit Issue Tracking Third Party Advisory
USN-4132-1	Third Party Advisory
https://github.com/libexpat/libexpat/issues/342	Third Party Advisory
20190917 [slackware-security] expat (SSA:2019-259-01)	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html	Third Party Advisory VDB Entry
USN-4132-2	Third Party Advisory
DSA-4530	Third Party Advisory
20190923 [SECURITY] [DSA 4530-1] expat security update	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190926-0004/	Third Party Advisory
openSUSE-SU-2019:2205	Mailing List Third Party Advisory
openSUSE-SU-2019:2204	Mailing List Third Party Advisory
20191021 [slackware-security] python (SSA:2019-293-01)	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html	Third Party Advisory VDB Entry
USN-4165-1	Third Party Advisory
DSA-4549	Third Party Advisory
RHSA-2019:3237	Third Party Advisory
RHSA-2019:3210	Third Party Advisory
20191101 [SECURITY] [DSA 4549-1] firefox-esr security update	Mailing List Third Party Advisory
openSUSE-SU-2019:2420	Mailing List Third Party Advisory
openSUSE-SU-2019:2424	Mailing List Third Party Advisory
openSUSE-SU-2019:2425	Mailing List Third Party Advisory
RHSA-2019:3756	Third Party Advisory
openSUSE-SU-2019:2447	Mailing List Third Party Advisory
openSUSE-SU-2019:2459	Mailing List Third Party Advisory
openSUSE-SU-2019:2464	Mailing List Third Party Advisory
openSUSE-SU-2019:2451	Mailing List Third Party Advisory
openSUSE-SU-2019:2452	Mailing List Third Party Advisory
[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update	Mailing List Third Party Advisory
20191118 [SECURITY] [DSA 4571-1] thunderbird security update	Mailing List Third Party Advisory
DSA-4571	Third Party Advisory
[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update	Mailing List Third Party Advisory
GLSA-201911-08	Third Party Advisory
USN-4202-1	Third Party Advisory
https://support.apple.com/kb/HT210788	Third Party Advisory
https://support.apple.com/kb/HT210785	Third Party Advisory
https://support.apple.com/kb/HT210790	Third Party Advisory
https://support.apple.com/kb/HT210789	Third Party Advisory
20191211 APPLE-SA-2019-12-10-5 tvOS 13.3	Mailing List Third Party Advisory
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra	Mailing List Third Party Advisory
20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1	Mailing List Third Party Advisory
https://support.apple.com/kb/HT210793	Third Party Advisory
https://support.apple.com/kb/HT210795	Third Party Advisory
https://support.apple.com/kb/HT210794	Third Party Advisory
20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3	Mailing List Third Party Advisory
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra	Mailing List Third Party Advisory
20191213 APPLE-SA-2019-12-10-5 tvOS 13.3	Mailing List Third Party Advisory
20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1	Mailing List Third Party Advisory
openSUSE-SU-2020:0010	Mailing List Third Party Advisory
openSUSE-SU-2020:0086	Mailing List Third Party Advisory
N/A	Third Party Advisory
USN-4335-1	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.tenable.com/security/tns-2021-11	Third Party Advisory
FEDORA-2019-613edfe68b
FEDORA-2019-9505c6b555
FEDORA-2019-672ae0f060

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
  End excliding
  2.2.8
  
  Конфигурация 2
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  3.5.0
  End excliding
  3.5.8
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  2.7.0
  End excliding
  2.7.17
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  3.7.0
  End excliding
  3.7.5
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  3.6.0
  End excliding
  3.6.10

Версия: v24.5.3

Наверх

Уязвимость CVE-2019-15903: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2