You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa expat

Sigurnosni nedostatak programskog paketa expat

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4040-2
June 26, 2019

expat vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Expat could be made to consume a high amount of RAM and CPU
resources if it received a specially crafted XML file.

Software Description:
– expat: XML parsing C library

Details:

USN-4040-1 fixed a vulnerability in expat. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Expat incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
lib64expat1 2.1.0-4ubuntu1.4+esm1
libexpat1 2.1.0-4ubuntu1.4+esm1

Ubuntu 12.04 ESM:
lib64expat1 2.0.1-7.2ubuntu1.6
libexpat1 2.0.1-7.2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4040-2
https://usn.ubuntu.com/4040-1
CVE-2018-20843
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdE9BTAAoJEEW851uECx9ppSUP/19if9U1Q7hzUGBvGF21KGna
ZEIpY8q3YwVue3NTDvrGfvY6tBuvP+pU+ql8pCI7hTrkWZEvXJcR6m+/HAsJe5Ts
fPwEAzdYbujtSmt/e1nE05nl1UGKso1uEBe4xpqFqOJCz1FCMHYxAsDJxP27E5VU
Hr80JPuhyu2DBDa3uCEUEHKyDsHGgaLlOydtf2f0Lh+W9TErwBik8/DOxlIAMrw5
/+y8FvvupBesCAJc9is1rE2fBqN4X9TArxfJBuszbbpx/oB3/wvWRA8iBkeYPpB6
ShHmnkFOuo/UXhQTpxSynChytohwaS/uIBNCxQl6yVorGHml1UDiDB5hGRm9F6ai
468cc4vbODnc+KHFA8eKMSiRmEJVTEjBlAZibZuOx1Lyz9EmS4m7RX5Qzkr+oiYC
94cN77AZAz52ZxvEneFJ5CDiWoO7H6LTxqFT3DfgH8UpDsblBq3+Kf67pb+/7A2Y
/YXGmhCo6bHsrbB9W1Lyi+MGsGAFRn7s0q+FvwnVllmAsKoJKL70O/8aasevY1s4
Q4irUphP9d95lAfyOKmVv58xeodkzCNEqFLAUJ+jfrEIBmtt/1eDDXF/zNfueFs6
rbvd9gTXTcDLhbOY3GrxtNmSZFdUeNlyesMbZYep1Jm7TtWhzn3id9wZFXDfo+LC
+S9mmWjsMAMduQktou0Z
=jAc6
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4040-1
June 26, 2019

expat vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Expat could be made to consume a high amount of RAM and CPU resources
if it received a specially crafted XML file.

Software Description:
– expat: XML parsing C library

Details:

It was discovered that Expat incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libexpat1 2.2.6-1ubuntu0.19.04

Ubuntu 18.10:
libexpat1 2.2.6-1ubuntu0.18.10

Ubuntu 18.04 LTS:
libexpat1 2.2.5-3ubuntu0.1

Ubuntu 16.04 LTS:
lib64expat1 2.1.0-7ubuntu0.16.04.4
libexpat1 2.1.0-7ubuntu0.16.04.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4040-1
CVE-2018-20843

Package Information:
https://launchpad.net/ubuntu/+source/expat/2.2.6-1ubuntu0.19.04
https://launchpad.net/ubuntu/+source/expat/2.2.6-1ubuntu0.18.10
https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.1
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.4
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdE8p9AAoJEEW851uECx9pQpUP/iSRm4cJh2OYLhALGMBDanbD
glM+PmwANK9UHDLnk/P5vySH5KNbMDJ39EYgf3qsn7K5jCoeJTbRGd6ZSCExivJv
xj/A3fr2fVj4lFIcPNnTlT1JHZvNCgm7UtEHziEh02Zr3jc/0I2Sk1Gcr3MyUhNF
xdmbf6E3U2WrrctzpCr+J2dFrUtPZF+W8KN+vXVFPNqMYUAm22jr8fobni4LKK87
78I+6/sviTyl//o31KFQsnhNGD4S664LlC1/IvPPI3/qKYk0Hew17uefzu/NU7Nb
xkNGiOMtsaYVVNlL/tzSurGe3Vkg/kkazIQh+8hDpc1WvFipxCGp6nyovM+t6y/M
rg7ghM0zQIpbniJ7aJXYspMzTP+X86kMcEBYhJdnm2r/S+hRxuLo0KNMyPLe8ncm
xGDOWItFG3t5gV8LiNBC3XYE2MVROEvH6DqvAWgd9AyHyBWDpJ3jiJrVpx/VEvEJ
LJP9qGEot+voMwh5aEcsBeL0KbXwQ3YBBhCWvdG01FwA1ZjVggJsk28ynKM0MHs7
67/vp1Bg3hkjc5nSAiMteU/ILUT96DiWR85rMWE93X1pFDb3RkoGvN3SCugJDrSx
Qe9RXiyHo88Zip4mCLWPn/L8C1w9ryT1m5Ti7x7E6uor3Ct5Wd8bbJhaxYsbHgi7
yt5eASWQhGXHT8O3fnko
=AQI1
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libmediainfo

Otkriveni su sigurnosni nedostaci programske biblioteke libmediainfo za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja....

Close