Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in expat
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in expat
ID: FEDORA-2016-60889583ab
Distribution: Fedora
Plattformen: Fedora 23
Datum: So, 19. Juni 2016, 11:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472

Originalnachricht

Name        : expat
Product : Fedora 23
Version : 2.1.1
Release : 2.fc23
URL : http://www.libexpat.org/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

-------------------------------------------------------------------------------
-
Update Information:

Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and
CVE-2012-6702.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1344252 - CVE-2016-4472 expat: Undefined behavior and pointer
overflows [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1344252
[ 2 ] Bug #1343086 - CVE-2016-5300 expat: Little entropy used for hash
initialization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1343086
[ 3 ] Bug #1337116 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted
input causing crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1337116
[ 4 ] Bug #1319732 - CVE-2012-6702 expat: Using XML_Parse before rand()
results into non-random output [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1319732
[ 5 ] Bug #1197087 - XML_Parse breaks rand() function
https://bugzilla.redhat.com/show_bug.cgi?id=1197087
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update expat' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung