Oval Definition:oval:org.opensuse.security:def:78865
Revision Date:2017-02-08Version:1
Title:Security update for expat (Moderate)
Description:



This update for expat fixes the following security issues:

- CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216)
Family:unixClass:patch
Status:Reference(s):983215
983216
CVE-2012-6702
CVE-2016-5300
SUSE-SU-2017:0424-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • expat-2.1.0-20.2 is installed
  • OR libexpat1-2.1.0-20.2 is installed
  • OR libexpat1-32bit-2.1.0-20.2 is installed
    • BACK