Bug 39421 - expat: Mehrere Sicherheitslücken (4.1)
expat: Mehrere Sicherheitslücken (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P4 normal (vote)
: UCS 4.1-4-errata
Assigned To: Arvid Requate
Philipp Hahn
:
Depends on:
Blocks: 42570
  Show dependency treegraph
 
Reported: 2015-09-28 18:16 CEST by Arvid Requate
Modified: 2017-10-26 13:53 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-09-28 18:16:01 CEST
This security issue is fixed in upstream Debian package version 2.1.0-1+deb7u2:

* Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283)
Comment 1 Arvid Requate univentionstaff 2016-05-23 18:59:39 CEST
Upstream Debian package version 2.1.0-1+deb7u3 fixes this additional issue:

* Out-of-bounds heap read on crafted input causing crash or code execution (CVE-2016-0718)
Comment 2 Arvid Requate univentionstaff 2016-06-07 20:15:06 CEST
Two additional issues have been fixed in the Jessie package version:

* unanticipated internal calls to srand (CVE-2012-6702)
* use of too little entropy (CVE-2016-5300)
Comment 3 Arvid Requate univentionstaff 2016-06-08 13:48:12 CEST
Fixed in 2.1.0-1+deb7u4
Comment 4 Arvid Requate univentionstaff 2016-11-10 21:21:15 CET
Advisory: expat.yaml
Comment 5 Philipp Hahn univentionstaff 2016-11-29 17:34:48 CET
OK: errata-announce -V --only expat.yaml
OK: expat.yaml

OK: aptitude install '?source-package(expat)~i'
OK: aptitude install '?source-package(expat)'
OK: zless /usr/share/doc/expat/changelog.Debian.gz # 2.1.0-1+deb7u4
FYI: Also fixes CVE-2016-0719, which is =0718
OK: /usr/bin/xmlwf /var/lib/gconf/defaults/%gconf-tree.xml
Comment 6 Janek Walkenhorst univentionstaff 2016-12-01 11:57:22 CET
<http://errata.software-univention.de/ucs/4.1/348.html>