[Cucumber-linux-security] expat (security update is available)

[Z5T1 <z5...@z5...>]

  Update Information

A security update is available for expat for the following versions of
Cucumber Linux:

  * 1.0

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Wed Jul 19 09:34:46 EDT 2017
lib-base/expat upgraded from 2.2.0 to 2.2.2 to fix CVE-2017-9233, a security
	vulnerability which allows a maliciously crafted external XML entity to
	loop indefinitely, causing a denial of service. For more information
	see:
		https://libexpat.github.io/doc/cve-2017-9233/
		https://nvd.nist.gov/vuln/detail/CVE-2017-9233
		https://github.com/libexpat/libexpat/blob/R_2_2_2/expat/Changes
multilib/lib-base/expat-lib_i686 upgraded from 2.2.0 to 2.2.2 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure expat is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lib-base/expat-2.2.2-i686-1.txz

Cucumber 1.0 x86_64:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lib-base/expat-2.2.2-x86_64-1.txz
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/lib-base/expat-lib_i686-2.2.2-lib_i686-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):

# upgradepkg expat-2.2.2-i686-1.txz


------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php