Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703597
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3597-1 (expat - security update)
Summary:Two related issues have been discovered;in Expat, a C library for parsing XML.;;CVE-2012-6702It was introduced when;CVE-2012-0876;;was addressed. Stefan Srensen discovered that the use of the function;XML_Parse() seeds the random number generator generating repeated outputs;for rand() calls.;;CVE-2016-5300It is the product of an incomplete solution for;CVE-2012-0876;.;The parser poorly seeds the random number generator allowing an attacker to;cause a denial of service (CPU consumption) via an XML file with crafted;identifiers.;;You might need to manually restart programs and services using expat;libraries.
Description:Summary:
Two related issues have been discovered
in Expat, a C library for parsing XML.

CVE-2012-6702It was introduced when
CVE-2012-0876

was addressed. Stefan Srensen discovered that the use of the function
XML_Parse() seeds the random number generator generating repeated outputs
for rand() calls.

CVE-2016-5300It is the product of an incomplete solution for
CVE-2012-0876
.
The parser poorly seeds the random number generator allowing an attacker to
cause a denial of service (CPU consumption) via an XML file with crafted
identifiers.

You might need to manually restart programs and services using expat
libraries.

Affected Software/OS:
expat on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 2.1.0-6+deb8u3.

For the unstable distribution (sid), these problems have been fixed in
version 2.1.1-3.

We recommend that you upgrade your expat packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0876
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
BugTraq ID: 52379
http://www.securityfocus.com/bid/52379
Debian Security Information: DSA-2525 (Google Search)
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://bugs.python.org/issue13703#msg151870
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
RedHat Security Advisories: RHSA-2012:0731
http://rhn.redhat.com/errata/RHSA-2012-0731.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://secunia.com/advisories/49504
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1527-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-6702
BugTraq ID: 91483
http://www.securityfocus.com/bid/91483
Debian Security Information: DSA-3597 (Google Search)
http://www.debian.org/security/2016/dsa-3597
https://security.gentoo.org/glsa/201701-21
http://www.openwall.com/lists/oss-security/2016/06/03/8
http://www.openwall.com/lists/oss-security/2016/06/04/1
http://www.ubuntu.com/usn/USN-3010-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-5300
BugTraq ID: 91159
http://www.securityfocus.com/bid/91159
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
http://www.openwall.com/lists/oss-security/2016/06/04/4
http://www.openwall.com/lists/oss-security/2016/06/04/5
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.