ID

VAR-201606-0135

CVE

CVE-2016-5300

TITLE

Expat of XML Service disruption in parsers (DoS) Vulnerabilities

DESCRIPTION

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. The Expat library is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <57683228.8060901@canonical.com> Subject: [USN-3013-1] XML-RPC for C and C++ vulnerabilities ============================================================================ Ubuntu Security Notice USN-3013-1 June 20, 2016 xmlrpc-c vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in XML-RPC for C and C++. Software Description: - xmlrpc-c: Lightweight RPC library based on XML and HTTP Details: It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxmlrpc-c++4 1.16.33-3.1ubuntu5.2 libxmlrpc-core-c3 1.16.33-3.1ubuntu5.2 After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes. References: http://www.ubuntu.com/usn/usn-3013-1 CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300 Package Information: https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2 . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/python-2.7.15-i586-1_slack14.2.txz: Upgraded. Updated to the latest 2.7.x release. This fixes some security issues in difflib and poplib (regexes vulnerable to denial of service attacks), as well as security issues with the bundled expat library. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.15-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.15-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.15-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.15-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.15-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.15-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.15-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.15-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 815f18de185a913b37f8a4a5ba209a33 python-2.7.15-i486-1_slack14.0.txz Slackware x86_64 14.0 package: ac2745d0977849cf16ad3b386ad6e706 python-2.7.15-x86_64-1_slack14.0.txz Slackware 14.1 package: 96fa93f516bfefae9539d8d5329fe8e1 python-2.7.15-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5895cf391b0de5746e4c23c5c34dd50f python-2.7.15-x86_64-1_slack14.1.txz Slackware 14.2 package: 82212eec089fe925da83e47d5b829b3e python-2.7.15-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 9ca1bd6126f729067fc507271889643e python-2.7.15-x86_64-1_slack14.2.txz Slackware -current package: fa60bc913282d7992f5cf8b29863a411 d/python-2.7.15-i586-1.txz Slackware x86_64 -current package: 0d473b473463c6927a1efaab6e6f601d d/python-2.7.15-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg python-2.7.15-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlrswRQACgkQakRjwEAQIjMn4gCgj6BK6MXBaKThgulSSZnxOebc Ot0An3uKq5ASx59tnVKGmSC4YGaYb3Xh =kC7x -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3597-1 security@debian.org https://www.debian.org/security/ Luciano Bello June 07, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2012-6702 CVE-2016-5300 Two related issues have been discovered in Expat, a C library for parsing XML. Stefan Sørensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. CVE-2016-5300 It is the product of an incomplete solution for CVE-2012-0876. You might need to manually restart programs and services using expat libraries. For the stable distribution (jessie), these problems have been fixed in version 2.1.0-6+deb8u3. For the unstable distribution (sid), these problems have been fixed in version 2.1.1-3. We recommend that you upgrade your expat packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017 iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153 iTunes Available for: Windows 7 and later Impact: Multiple issues in expat Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017 Installation note: iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Daniel Micay

SOURCES

LAST UPDATE DATE

2025-04-20T22:44:42.280000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE