Ubuntu Security Notice USN-3010-1

Ubuntu Security Notice USN-3010-1: Posted Jun 21, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3010-1 - It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2012-6702, CVE-2016-5300; SHA-256 | 2b5fd3bd2daa487c282c26072ca85a214252d08ae2b0b736f89d37936653f75d; Download | Favorite | View

Ubuntu Security Notice USN-3010-1

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
 <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <576831FB.40706@canonical.com>
Subject: [USN-3010-1] Expat vulnerabilities




============================================================================
Ubuntu Security Notice USN-3010-1
June 20, 2016

expat vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Expat.

Software Description:
- expat: XML parsing C library

Details:

It was discovered that Expat unexpectedly called srand in certain
circumstances. This could reduce the security of calling applications.
(CVE-2012-6702)

It was discovered that Expat incorrectly handled seeding the random number
generator. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-5300)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  lib64expat1                     2.1.0-7ubuntu0.16.04.2
  libexpat1                       2.1.0-7ubuntu0.16.04.2

Ubuntu 15.10:
  lib64expat1                     2.1.0-7ubuntu0.15.10.2
  libexpat1                       2.1.0-7ubuntu0.15.10.2

Ubuntu 14.04 LTS:
  lib64expat1                     2.1.0-4ubuntu1.3
  libexpat1                       2.1.0-4ubuntu1.3

Ubuntu 12.04 LTS:
  lib64expat1                     2.0.1-7.2ubuntu1.4
  libexpat1                       2.0.1-7.2ubuntu1.4

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-3010-1
  CVE-2012-6702, CVE-2016-5300

Package Information:
  https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.2
  https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.3
  https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.4




--0vbLdEfGNkuRBtqrKQ6Kro0C94U6MEDrt

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-3010-1

Ubuntu Security Notice USN-3010-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-3010-1

Share This

Ubuntu Security Notice USN-3010-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems