drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in expat
Name: |
Zwei Probleme in expat |
|
ID: |
USN-3010-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10, Ubuntu 16.04 LTS |
|
Datum: |
Mo, 20. Juni 2016, 21:27 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 |
|
Applikationen: |
expat |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8888837134750329097== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0vbLdEfGNkuRBtqrKQ6Kro0C94U6MEDrt"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0vbLdEfGNkuRBtqrKQ6Kro0C94U6MEDrt Content-Type: multipart/mixed; boundary="8Gt50kumkjc57Is2tiI7klmgbE6Fw4gxd" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <576831FB.40706@canonical.com> Subject: [USN-3010-1] Expat vulnerabilities
--8Gt50kumkjc57Is2tiI7klmgbE6Fw4gxd Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3010-1 June 20, 2016
expat vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Expat.
Software Description: - expat: XML parsing C library
Details:
It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)
It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: lib64expat1 2.1.0-7ubuntu0.16.04.2 libexpat1 2.1.0-7ubuntu0.16.04.2
Ubuntu 15.10: lib64expat1 2.1.0-7ubuntu0.15.10.2 libexpat1 2.1.0-7ubuntu0.15.10.2
Ubuntu 14.04 LTS: lib64expat1 2.1.0-4ubuntu1.3 libexpat1 2.1.0-4ubuntu1.3
Ubuntu 12.04 LTS: lib64expat1 2.0.1-7.2ubuntu1.4 libexpat1 2.0.1-7.2ubuntu1.4
After a standard system upgrade you need to restart any applications linked against Expat to effect the necessary changes.
References: http://www.ubuntu.com/usn/usn-3010-1 CVE-2012-6702, CVE-2016-5300
Package Information: https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.2 https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.3 https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.4
--8Gt50kumkjc57Is2tiI7klmgbE6Fw4gxd--
--0vbLdEfGNkuRBtqrKQ6Kro0C94U6MEDrt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXaDH7AAoJEGVp2FWnRL6T2cMQAKyy2wCfRMKwy9J1WVgek07u 9gNlTTR4BkcMsNLUqdoDvsqqTtioWbsQoQtZkNfaFZdr8GbH+YsSEDUr/HHniJpH tcABLQKcoliA1KanHgqlPI/CWjlFn+gNjeByR4Cu4tmD7nJtRqGPmqVt6AdODqAd AINGWmAjFSIcRHU7i0pntmPCFGIbisN3lbU1YKEiQ2PHUTrOnakmG3jI9PK/UfMd 3YkyUKmg/3wduwSSp+fxt4kIf6oKw8QctpElZEmlCS80Skqy2ScpoofoOnldVIEO f6NTa3FCDWepcEj/nlTggqdkzQR4Bo0km/jwXaa1MgXFiU6Vegkkp64qYIghPgsP ZfymotJy9CuojM7UQl1pWVrd3HWTIdt9HQ7exP1QrqGCevR/1B+R3jM+H3idVdw/ LFSIGXDJMUR6SSvmALoF2Q/+JWKxdDP0VGJm2NGhJSyJ+1sJmUAt8yhxvxWyg3zQ 2lJCFeQeyc4DIrrrqNjBs+iw5cdkoL4yDuZcRLaevy2olHuUXnTkSkFEIIlx5d+m LRoOPtpgQYAb2pwWywzslCuNi6XtMrO/S+n5mBSWoAIx86SGAF2p7+P8gToNIYKM b6Ec7nm5rCBxa+mfj2NKxD6osMA5senCUMpIdZHDcCI3wT7ZAwaEqYQiboVx5+9V AjQSJuzWWVslNkAc7/cG =VMZT -----END PGP SIGNATURE-----
--0vbLdEfGNkuRBtqrKQ6Kro0C94U6MEDrt--
--===============8888837134750329097== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8888837134750329097==--
|
|
|
|