ALT Linux Team

Package expat update in c6 on 2015-12-25

ALT-PU-2015-2184-1

Package expat updated to version 2.0.1-alt5.M60C.2 for branch c6 in task 153459.

Closed vulnerabilities

Published: 2012-09-24

BDU:2015-09649

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0)
References:
Published: 2012-07-03
Modified: 2022-08-05

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Severity: MEDIUM (4.3)
References:
Published: 2012-07-03
Modified: 2021-01-25

CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

Severity: MEDIUM (4.3)
References:
Published: 2012-07-03
Modified: 2021-01-25

CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Severity: MEDIUM (5.0)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top