ID

VAR-201207-0370


CVE

CVE-2012-1148


TITLE

Expat of expat/lib/xmlparse.c Service disruption in ( Memory consumption ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-002979

DESCRIPTION

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. Expat versions prior to 2.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following: apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804 AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea) Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075 Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero kext tools Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification. CVE-ID CVE-2015-7052 : Apple Keychain Access Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to masquerade as the Keychain Server. Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality. CVE-ID CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi- Min Hu of Tsinghua University, and Xinhui Han of Peking University libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) libexpat Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in expat Description: Multiple vulnerabilities existed in expat version prior to 2.1.0. CVE-ID CVE-2012-0876 : Vincent Danen CVE-2012-1147 : Kurt Seifried CVE-2012-1148 : Kurt Seifried libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks OpenLDAP Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote unauthenticated client may be able to cause a denial of service Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation. CVE-ID CVE-2015-6908 OpenSSH Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 CVE-2015-5334 QuickLook Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107 Sandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058 System Integrity Protection Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7044 : MacDefender Installation note: Security Update 2015-008 is recommended for all users and improves the security of OS X. After installing this update, the QuickTime 7 web browser plug-in will no longer be enabled by default. Learn what to do if you still need this legacy plug-in. https://support.apple.com/en-us/HT205081 OS X El Capitan v10.11.2 includes the security content of Safari 9.0.2: https://support.apple.com/en-us/HT205639 OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn +XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz 0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36 Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T gvIdn3N1k8hWpmYDjxZd =Yi/n -----END PGP SIGNATURE----- . This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2012-1148) A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. Solution: The References section of this erratum contains a download link (you must log in to download the update). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Expat: Multiple vulnerabilities Date: September 24, 2012 Bugs: #280615, #303727, #407519 ID: 201209-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2009-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560 [ 2 ] CVE-2009-3720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720 [ 3 ] CVE-2012-0876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876 [ 4 ] CVE-2012-1147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147 [ 5 ] CVE-2012-1148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-1613-2 October 17, 2012 python2.4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 8.04 LTS Summary: Several security issues were fixed in Python 2.4. Software Description: - python2.4: An interactive high-level object-oriented language (version 2.4) Details: USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. (CVE-2012-1148) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 8.04 LTS: python2.4 2.4.5-1ubuntu4.4 python2.4-minimal 2.4.5-1ubuntu4.4 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: expat security update Advisory ID: RHSA-2012:0731-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0731.html Issue date: 2012-06-13 CVE Names: CVE-2012-0876 CVE-2012-1148 ===================================================================== 1. Summary: Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148) All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 786617 - CVE-2012-0876 expat: hash table collisions CPU usage DoS 801648 - CVE-2012-1148 expat: Memory leak in poolGrow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm i386: expat-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm x86_64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.x86_64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm i386: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm x86_64: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm i386: expat-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm ia64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.ia64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.ia64.rpm expat-devel-1.95.8-11.el5_8.ia64.rpm ppc: expat-1.95.8-11.el5_8.ppc.rpm expat-1.95.8-11.el5_8.ppc64.rpm expat-debuginfo-1.95.8-11.el5_8.ppc.rpm expat-debuginfo-1.95.8-11.el5_8.ppc64.rpm expat-devel-1.95.8-11.el5_8.ppc.rpm expat-devel-1.95.8-11.el5_8.ppc64.rpm s390x: expat-1.95.8-11.el5_8.s390.rpm expat-1.95.8-11.el5_8.s390x.rpm expat-debuginfo-1.95.8-11.el5_8.s390.rpm expat-debuginfo-1.95.8-11.el5_8.s390x.rpm expat-devel-1.95.8-11.el5_8.s390.rpm expat-devel-1.95.8-11.el5_8.s390x.rpm x86_64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.x86_64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm ppc64: expat-2.0.1-11.el6_2.ppc.rpm expat-2.0.1-11.el6_2.ppc64.rpm expat-debuginfo-2.0.1-11.el6_2.ppc.rpm expat-debuginfo-2.0.1-11.el6_2.ppc64.rpm expat-devel-2.0.1-11.el6_2.ppc.rpm expat-devel-2.0.1-11.el6_2.ppc64.rpm s390x: expat-2.0.1-11.el6_2.s390.rpm expat-2.0.1-11.el6_2.s390x.rpm expat-debuginfo-2.0.1-11.el6_2.s390.rpm expat-debuginfo-2.0.1-11.el6_2.s390x.rpm expat-devel-2.0.1-11.el6_2.s390.rpm expat-devel-2.0.1-11.el6_2.s390x.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0876.html https://www.redhat.com/security/data/cve/CVE-2012-1148.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP2KEPXlSAg2UNWIIRAhWPAJ0Q22boGq3FiPI7246uE8qjdEpq3gCfRNip 1zY6/nH/4z7IxjTyIkW0Jkk= =x3IW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

Trust: 2.7

sources: NVD: CVE-2012-1148 // JVNDB: JVNDB-2012-002979 // BID: 52379 // VULHUB: VHN-54429 // PACKETSTORM: 134748 // PACKETSTORM: 115435 // PACKETSTORM: 135349 // PACKETSTORM: 117449 // PACKETSTORM: 116804 // PACKETSTORM: 117450 // PACKETSTORM: 113606 // PACKETSTORM: 111254

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.11.1

Trust: 1.4

vendor:libexpatmodel:libexpatscope:eqversion:1.95.8

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.7

Trust: 1.0

vendor:libexpatmodel:libexpatscope:lteversion:2.0.1

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.5

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.1

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.6

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:2.0.0

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.4

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.2

Trust: 1.0

vendor:libexpatmodel:libexpatscope:eqversion:1.95.1

Trust: 1.0

vendor:expatmodel:expatscope:ltversion:2.1.0

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11

Trust: 0.8

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.9

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:netezza analyticsscope:eqversion:3.2.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c5.11scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp3scope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.8.3

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1.1

Trust: 0.3

vendor:jamesmodel:clark expatscope:neversion:2.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:neversion:6.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.9.3

Trust: 0.3

vendor:avayamodel:aura system managerscope:neversion:6.3

Trust: 0.3

vendor:avayamodel:aura conferencing sp1 standardscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:xeroxmodel:freeflow print server 81.d0.73scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1.0.9

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility services spscope:eqversion:6.16.1.0.9.8

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:neversion:6.3

Trust: 0.3

vendor:avayamodel:aura experience portalscope:neversion:6.0.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura sip enablement services sp2scope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:neversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:websphere application server full profilescope:eqversion:8.5

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.5

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ericmodel:kidd xml-rpc for c/c++scope:neversion:1.32

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2.3

Trust: 0.3

vendor:avayamodel:aura system manager sp3scope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2.4.0.15

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.3

Trust: 0.3

vendor:avayamodel:voice portalscope:neversion:5.1.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platform sp1scope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:neversion:6.2.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:ibmmodel:websphere application server liberty profilescope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:websphere application server full profilescope:eqversion:8.5.5

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura sip enablement services ssp3scope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.0.3

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1.0.9.8

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:oraclemodel:solaris sru11.6scope:neversion:11.3

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:jamesmodel:clark expatscope:eqversion:2.0.1

Trust: 0.3

vendor:ibmmodel:netezza analyticsscope:neversion:3.2.3.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:neversion:6.2

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 91.d2.32scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:websphere application server liberty prscope:eqversion:8.5.5.0-

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:neversion:6.2.5.0.15

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:neversion:6.2

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura sip enablement services sp4scope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura presence services sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:neversion:6.3

Trust: 0.3

vendor:avayamodel:aura presence services sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:netezza analyticsscope:eqversion:3.2.1

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura sip enablement services ssp2scope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:netezza analyticsscope:eqversion:3.2.2

Trust: 0.3

vendor:xeroxmodel:freeflow print server 82.d1.44scope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:neversion:6.2

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2015

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.d2.33scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.1

Trust: 0.3

vendor:ericmodel:kidd xml-rpc for c/c++scope:eqversion:1.31

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:xeroxmodel:freeflow print server 93.e0.21cscope: - version: -

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

sources: BID: 52379 // JVNDB: JVNDB-2012-002979 // CNNVD: CNNVD-201204-164 // NVD: CVE-2012-1148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1148
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1148
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-164
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1148
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54429 // JVNDB: JVNDB-2012-002979 // CNNVD: CNNVD-201204-164 // NVD: CVE-2012-1148

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-54429 // JVNDB: JVNDB-2012-002979 // NVD: CVE-2012-1148

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 135349 // CNNVD: CNNVD-201204-164

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201204-164

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002979

PATCH

title:APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Trust: 0.8

title:HT205637url:https://support.apple.com/en-us/HT205637

Trust: 0.8

title:HT205637url:http://support.apple.com/ja-jp/HT205637

Trust: 0.8

title:DSA-2525url:http://www.debian.org/security/2012/dsa-2525

Trust: 0.8

title:Top Pageurl:http://www.libexpat.org/

Trust: 0.8

title:RHSA-2012:0731url:http://rhn.redhat.com/errata/RHSA-2012-0731.html

Trust: 0.8

title:MDVSA-2012:041url:http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:041

Trust: 0.8

title:Multiple Resource Management Error vulnerabilities in libexpaturl:https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities

Trust: 0.8

title:memory leak in poolGrow - ID: 2958794url:http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127

Trust: 0.8

title:expat 2.1.0url:http://sourceforge.net/projects/expat/files/expat/2.1.0/

Trust: 0.8

title:Diff of /expat/lib/xmlparse.curl:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167

Trust: 0.8

title:USN-1527-1url:http://www.ubuntu.com/usn/USN-1527-1/

Trust: 0.8

title:USN-1613-2url:http://www.ubuntu.com/usn/USN-1613-2/

Trust: 0.8

title:VMSA-2012-0016url:http://www.vmware.com/security/advisories/VMSA-2012-0016.html

Trust: 0.8

title:expat-win32bin-2.1.0url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43625

Trust: 0.6

title:expat-2.1.0url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43626

Trust: 0.6

sources: JVNDB: JVNDB-2012-002979 // CNNVD: CNNVD-201204-164

EXTERNAL IDS

db:NVDid:CVE-2012-1148

Trust: 3.6

db:BIDid:52379

Trust: 2.0

db:SECUNIAid:51040

Trust: 1.7

db:SECUNIAid:49504

Trust: 1.7

db:SECUNIAid:51024

Trust: 1.7

db:SECTRACKid:1034344

Trust: 1.7

db:JVNid:JVNVU97526033

Trust: 0.8

db:JVNDBid:JVNDB-2012-002979

Trust: 0.8

db:CNNVDid:CNNVD-201204-164

Trust: 0.7

db:PACKETSTORMid:140182

Trust: 0.1

db:VULHUBid:VHN-54429

Trust: 0.1

db:PACKETSTORMid:134748

Trust: 0.1

db:PACKETSTORMid:115435

Trust: 0.1

db:PACKETSTORMid:135349

Trust: 0.1

db:PACKETSTORMid:117449

Trust: 0.1

db:PACKETSTORMid:116804

Trust: 0.1

db:PACKETSTORMid:117450

Trust: 0.1

db:PACKETSTORMid:113606

Trust: 0.1

db:PACKETSTORMid:111254

Trust: 0.1

sources: VULHUB: VHN-54429 // BID: 52379 // JVNDB: JVNDB-2012-002979 // PACKETSTORM: 134748 // PACKETSTORM: 115435 // PACKETSTORM: 135349 // PACKETSTORM: 117449 // PACKETSTORM: 116804 // PACKETSTORM: 117450 // PACKETSTORM: 113606 // PACKETSTORM: 111254 // CNNVD: CNNVD-201204-164 // NVD: CVE-2012-1148

REFERENCES

url:http://sourceforge.net/projects/expat/files/expat/2.1.0/

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-1613-1

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2012-0731.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-0062.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-1527-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-1613-2

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html

Trust: 1.7

url:http://www.securityfocus.com/bid/52379

Trust: 1.7

url:https://support.apple.com/ht205637

Trust: 1.7

url:http://www.debian.org/security/2012/dsa-2525

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:041

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.7

url:http://www.securitytracker.com/id/1034344

Trust: 1.7

url:http://secunia.com/advisories/49504

Trust: 1.7

url:http://secunia.com/advisories/51024

Trust: 1.7

url:http://secunia.com/advisories/51040

Trust: 1.7

url:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167

Trust: 1.6

url:http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1148

Trust: 0.9

url:http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1148

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-0876

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.8

url:http://expat.sourceforge.net/

Trust: 0.3

url:http://xmlrpc-c.sourceforge.net/change.html

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165124

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024076

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21989336

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21992933

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988026

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988710

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21994401

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2012-0016.html

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-1147

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1015

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-4944

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0845

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-5983

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-3493

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-4940

Trust: 0.2

url:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&amp;r2=1.167

Trust: 0.1

url:http://sourceforge.net/tracker/?func=detail&amp;atid=110127&amp;aid=2958794&amp;group_id=10127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7052

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7045

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7044

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7047

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7046

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7043

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7058

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2895

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7001

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7039

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7054

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7063

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7062

Trust: 0.1

url:https://support.apple.com/en-us/ht205081

Trust: 0.1

url:https://support.apple.com/en-us/ht205639

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7061

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7038

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.0.1-0ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3183

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-5704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3183

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2012-0876

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.1.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5704

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python2.5/2.5.2-2ubuntu6.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0876

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1147

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1148

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3720

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201209-06.xml

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python2.4/2.4.5-1ubuntu4.4

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0876.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-1148.html

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876

Trust: 0.1

sources: VULHUB: VHN-54429 // BID: 52379 // JVNDB: JVNDB-2012-002979 // PACKETSTORM: 134748 // PACKETSTORM: 115435 // PACKETSTORM: 135349 // PACKETSTORM: 117449 // PACKETSTORM: 116804 // PACKETSTORM: 117450 // PACKETSTORM: 113606 // PACKETSTORM: 111254 // CNNVD: CNNVD-201204-164 // NVD: CVE-2012-1148

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 52379

SOURCES

db:VULHUBid:VHN-54429
db:BIDid:52379
db:JVNDBid:JVNDB-2012-002979
db:PACKETSTORMid:134748
db:PACKETSTORMid:115435
db:PACKETSTORMid:135349
db:PACKETSTORMid:117449
db:PACKETSTORMid:116804
db:PACKETSTORMid:117450
db:PACKETSTORMid:113606
db:PACKETSTORMid:111254
db:CNNVDid:CNNVD-201204-164
db:NVDid:CVE-2012-1148

LAST UPDATE DATE

2024-12-21T22:53:05.730000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-54429date:2018-01-05T00:00:00
db:BIDid:52379date:2017-03-29T03:01:00
db:JVNDBid:JVNDB-2012-002979date:2015-12-15T00:00:00
db:CNNVDid:CNNVD-201204-164date:2021-01-26T00:00:00
db:NVDid:CVE-2012-1148date:2024-11-21T01:36:32.257

SOURCES RELEASE DATE

db:VULHUBid:VHN-54429date:2012-07-03T00:00:00
db:BIDid:52379date:2012-03-09T00:00:00
db:JVNDBid:JVNDB-2012-002979date:2012-07-05T00:00:00
db:PACKETSTORMid:134748date:2015-12-10T17:16:36
db:PACKETSTORMid:115435date:2012-08-13T15:22:59
db:PACKETSTORMid:135349date:2016-01-21T22:22:00
db:PACKETSTORMid:117449date:2012-10-18T06:05:25
db:PACKETSTORMid:116804date:2012-09-24T15:03:31
db:PACKETSTORMid:117450date:2012-10-18T06:05:41
db:PACKETSTORMid:113606date:2012-06-13T22:55:47
db:PACKETSTORMid:111254date:2012-03-28T03:00:55
db:CNNVDid:CNNVD-201204-164date:2012-03-09T00:00:00
db:NVDid:CVE-2012-1148date:2012-07-03T19:55:02.757