ArchLinux: 201605-23: lib32-expat: arbitrary code execution
Summary
- CVE-2015-1283 (arbitrary code execution)
Multiple integer overflows in the XML_GetBuffer function allow remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly arbitrary code execution via crafted XML data.
This problem has already been fixed in version 2.1.0-1 but this update
refreshes the fix to avoid relying on undefined behavior.
- CVE-2016-0718 (arbitrary code execution)
The Expat XML parser mishandles certain kinds of malformed input
documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as
memory corruption during a parse operation. The bugs allow for a denial
of service attack in many applications by an unauthenticated attacker,
and could conceivably result in remote code execution.
Resolution
Upgrade to 2.1.1-2.
# pacman -Syu "lib32-expat>=2.1.1-2"
The problems have been fixed upstream but no release is available yet.
References
https://access.redhat.com/security/cve/CVE-2015-1283 https://access.redhat.com/security/cve/CVE-2016-0718 https://seclists.org/oss-sec/2016/q2/360
Workaround
None.