Lucene search
GoogleOSV:DLA-508-1HistoryJun 08, 2016 - 12:00 a.m.
expat - security update
2016-06-0800:00:00
Google
osv.dev
24
0.007 Low
EPSS
Percentile
81.0%
Two related issues have been discovered in Expat, a C library for
parsing XML.
- CVE-2012-6702
This issue was introduced when CVE-2012-0876 was addressed. Stefan
Sørensen discovered that the use of the function XML_Parse() seeds
the random number generator generating repeated outputs for rand()
calls. - CVE-2016-5300
This is the product of an incomplete solution for CVE-2012-0876. The
parser poorly seeds the random number generator allowing an
attacker to cause a denial of service (CPU consumption) via an XML
file with crafted identifiers.
You might need to manually restart programs and services using expat
libraries.
For Debian 7 Wheezy, these problems have been fixed in version
2.1.0-1+deb7u4.
We recommend that you upgrade your expat packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
| CPE | Name | Operator | Version |
|---|---|---|---|
| expat | eq | 2.1.0-1+deb7u2 | |
| expat | eq | 2.1.0-1+deb7u3 | |
| expat | eq | 2.1.0-1 | |
| expat | eq | 2.1.0-1+deb7u1 |
References
Related
openvas
openvas
Debian: Security Advisory (DSA-3597-1)
2016-06-06 00:00:00
Debian: Security Advisory (DLA-508-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0424-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 3597-1] expat security update
2016-06-07 16:44:57
[SECURITY] [DLA 508-1] expat security update
2016-06-08 09:29:13
[SECURITY] [DSA 3597-1] expat security update
2016-06-07 16:44:57
nessus
nessus
FreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)
2016-06-09 00:00:00
SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:0424-1)
2017-02-09 00:00:00
Debian DLA-508-1 : expat security update
2016-06-09 00:00:00
osv
osv
expat - security update
2016-06-07 00:00:00
CVE-2016-5300
2016-06-16 18:59:00
CVE-2012-6702
2016-06-16 18:59:00
mageia
mageia
Updated expat packages fix security vulnerabilities
2016-06-17 08:58:14
archlinux
archlinux
expat: multiple issues
2016-06-13 00:00:00
lib32-expat: multiple issues
2016-06-13 00:00:00
freebsd
freebsd
expat -- multiple vulnerabilities
2016-03-18 00:00:00
Python 2.7 -- multiple vulnerabilities
2017-08-26 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise (CVE-2012-6702, CVE-2016-5300)
2018-06-17 22:33:28
cloudfoundry
cloudfoundry
USN-3010-1 Expat vulnerabilities | Cloud Foundry
2016-07-13 00:00:00
cve
cve
redhatcve
redhatcve
CVE-2016-5300
2016-06-06 13:18:38
ubuntu
ubuntu
Expat vulnerabilities
2016-06-20 00:00:00
XML-RPC for C and C++ vulnerabilities
2016-06-20 00:00:00
XML-RPC for C and C++ vulnerabilities
2012-09-10 00:00:00
alpinelinux
alpinelinux
CVE-2016-5300
2016-06-16 18:59:10
CVE-2012-6702
2016-06-16 18:59:00
debiancve
debiancve
nvd
nvd
prion
prion
Code injection
2016-06-16 18:59:00
Design/Logic Flaw
2016-06-16 18:59:00
Code injection
2012-07-03 19:55:00
veracode
veracode
Denial Of Service (DoS)
2017-02-01 06:06:40
Weak Cryptographic Protection
2016-06-08 07:23:46
Denial Of Service (DoS)
2019-01-15 08:52:02
f5
f5
K70938105 : Expat XML library vulnerability CVE-2016-5300
2016-10-26 00:00:00
SOL70938105 - Expat XML library vulnerability CVE-2016-5300
2016-10-26 00:00:00
SOL65460334 - Expat XML parser vulnerability CVE-2012-6702
2016-09-06 00:00:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24
2016-06-21 19:27:49
[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23
2016-06-19 07:27:54
[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22
2016-07-12 02:27:38
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
Expat: Multiple vulnerabilities
2012-09-24 00:00:00
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
[slackware-security] python
2018-05-04 20:53:50
securityvulns
securityvulns
expat security vulnerability
2012-04-02 00:00:00
[ MDVSA-2012:041 ] expat
2012-04-02 00:00:00
[ MDVSA-2012:096-1 ] python
2012-07-09 00:00:00
centos
centos
expat security update
2012-06-13 17:07:10
amazon
amazon
Medium: expat
2012-06-19 15:59:00
redhat
redhat
(RHSA-2012:0731) Moderate: expat security update
2012-06-13 00:00:00
(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update
2016-01-21 15:45:11
oraclelinux
oraclelinux
expat security update
2012-06-13 00:00:00
python security update
2012-06-18 00:00:00
python security update
2012-06-18 00:00:00
apple
apple
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40