Scientific Linux SLSA-2016-2824-1: Moderate Fix for Expat Out-Of-Bounds

Date: Wed, 14 Dec 2016 18:19:28 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: expat on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20161214181928.15408.36839@slpackages.fnal.gov>

Synopsis: Moderate: expat security update
Advisory ID: SLSA-2016:2824-1
Issue Date: 2016-11-28
CVE Numbers: CVE-2016-0718
--

Security Fix(es):

* An out-of-bounds read flaw was found in the way Expat processed certain
input. A remote attacker could send specially crafted XML that, when
parsed by an application using the Expat library, would cause that
application to crash or, possibly, execute arbitrary code with the
permission of the user running the application. (CVE-2016-0718)
--

SL6
 x86_64
 expat-2.0.1-13.el6_8.i686.rpm
 expat-2.0.1-13.el6_8.x86_64.rpm
 expat-debuginfo-2.0.1-13.el6_8.i686.rpm
 expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm
 expat-devel-2.0.1-13.el6_8.i686.rpm
 expat-devel-2.0.1-13.el6_8.x86_64.rpm
 i386
 expat-2.0.1-13.el6_8.i686.rpm
 expat-debuginfo-2.0.1-13.el6_8.i686.rpm
 expat-devel-2.0.1-13.el6_8.i686.rpm
SL7
 x86_64
 expat-2.1.0-10.el7_3.i686.rpm
 expat-2.1.0-10.el7_3.x86_64.rpm
 expat-debuginfo-2.1.0-10.el7_3.i686.rpm
 expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm
 expat-devel-2.1.0-10.el7_3.i686.rpm
 expat-devel-2.1.0-10.el7_3.x86_64.rpm
 expat-static-2.1.0-10.el7_3.i686.rpm
 expat-static-2.1.0-10.el7_3.x86_64.rpm

- Scientific Linux Development Team