Packages
- expat - XML parsing C library - example application
Details
It was discovered that Expat computed hash values without restricting the
ability to trigger hash collisions predictably. If a user or application linked
against Expat were tricked into opening a crafted XML file, an attacker could
cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)
Tim Boddy discovered that Expat did not properly handle memory reallocation
when processing XML files. If a user or application linked against Expat were
tricked into opening a crafted XML file, an attacker could cause a denial of
service by consuming excessive memory resources. This issue only affected
Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)
It was discovered that Expat computed hash values without restricting the
ability to trigger hash collisions predictably. If a user or application linked
against Expat were tricked into opening a crafted XML file, an attacker could
cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)
Tim Boddy discovered that Expat did not properly handle memory reallocation
when processing XML files. If a user or application linked against Expat were
tricked into opening a crafted XML file, an attacker could cause a denial of
service by consuming excessive memory resources. This issue only affected
Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)
Update instructions
After a standard system upgrade you need to restart any applications linked against Expat to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 8.04 hardy | lib64expat1 – 2.0.1-0ubuntu1.2 | ||
| libexpat1-udeb – 2.0.1-0ubuntu1.2 | |||
| libexpat1 – 2.0.1-0ubuntu1.2 | |||
| 12.04 precise | lib64expat1 – 2.0.1-7.2ubuntu1.1 | ||
| libexpat1-udeb – 2.0.1-7.2ubuntu1.1 | |||
| libexpat1 – 2.0.1-7.2ubuntu1.1 | |||
| 11.10 oneiric | lib64expat1 – 2.0.1-7ubuntu3.11.10.1 | ||
| libexpat1-udeb – 2.0.1-7ubuntu3.11.10.1 | |||
| libexpat1 – 2.0.1-7ubuntu3.11.10.1 | |||
| 11.04 natty | lib64expat1 – 2.0.1-7ubuntu3.11.04.1 | ||
| libexpat1-udeb – 2.0.1-7ubuntu3.11.04.1 | |||
| libexpat1 – 2.0.1-7ubuntu3.11.04.1 | |||
| 10.04 lucid | lib64expat1 – 2.0.1-7ubuntu1.1 | ||
| libexpat1-udeb – 2.0.1-7ubuntu1.1 | |||
| libexpat1 – 2.0.1-7ubuntu1.1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.