You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa expat

Sigurnosni nedostaci programskog paketa expat

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3010-1
June 20, 2016

expat vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 15.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Expat.

Software Description:
– expat: XML parsing C library

Details:

It was discovered that Expat unexpectedly called srand in certain
circumstances. This could reduce the security of calling applications.
(CVE-2012-6702)

It was discovered that Expat incorrectly handled seeding the random number
generator. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-5300)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
lib64expat1 2.1.0-7ubuntu0.16.04.2
libexpat1 2.1.0-7ubuntu0.16.04.2

Ubuntu 15.10:
lib64expat1 2.1.0-7ubuntu0.15.10.2
libexpat1 2.1.0-7ubuntu0.15.10.2

Ubuntu 14.04 LTS:
lib64expat1 2.1.0-4ubuntu1.3
libexpat1 2.1.0-4ubuntu1.3

Ubuntu 12.04 LTS:
lib64expat1 2.0.1-7.2ubuntu1.4
libexpat1 2.0.1-7.2ubuntu1.4

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3010-1
CVE-2012-6702, CVE-2016-5300

Package Information:
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.2
https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.3
https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.4

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJXaDH7AAoJEGVp2FWnRL6T2cMQAKyy2wCfRMKwy9J1WVgek07u
9gNlTTR4BkcMsNLUqdoDvsqqTtioWbsQoQtZkNfaFZdr8GbH+YsSEDUr/HHniJpH
tcABLQKcoliA1KanHgqlPI/CWjlFn+gNjeByR4Cu4tmD7nJtRqGPmqVt6AdODqAd
AINGWmAjFSIcRHU7i0pntmPCFGIbisN3lbU1YKEiQ2PHUTrOnakmG3jI9PK/UfMd
3YkyUKmg/3wduwSSp+fxt4kIf6oKw8QctpElZEmlCS80Skqy2ScpoofoOnldVIEO
f6NTa3FCDWepcEj/nlTggqdkzQR4Bo0km/jwXaa1MgXFiU6Vegkkp64qYIghPgsP
ZfymotJy9CuojM7UQl1pWVrd3HWTIdt9HQ7exP1QrqGCevR/1B+R3jM+H3idVdw/
LFSIGXDJMUR6SSvmALoF2Q/+JWKxdDP0VGJm2NGhJSyJ+1sJmUAt8yhxvxWyg3zQ
2lJCFeQeyc4DIrrrqNjBs+iw5cdkoL4yDuZcRLaevy2olHuUXnTkSkFEIIlx5d+m
LRoOPtpgQYAb2pwWywzslCuNi6XtMrO/S+n5mBSWoAIx86SGAF2p7+P8gToNIYKM
b6Ec7nm5rCBxa+mfj2NKxD6osMA5senCUMpIdZHDcCI3wT7ZAwaEqYQiboVx5+9V
AjQSJuzWWVslNkAc7/cG
=VMZT
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2016-06-0110-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa haproxy

Otkriven je sigurnosni nedostatak u programskom paketu haproxy za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvođenje napada...

Close