
Ubuntu 12.04 LTS USN-1527-1 Critical Expat Denial of Service

Expat could be made to cause a denial of service by consuming excessive CPU and memory resources.
=========================================================================
Ubuntu Security Notice USN-1527-1
August 10, 2012

expat vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Expat could be made to cause a denial of service by consuming excessive CPU
and memory resources.

Software Description:
- expat: XML parsing C library - example application

Details:

It was discovered that Expat computed hash values without restricting the
ability to trigger hash collisions predictably. If a user or application linked
against Expat were tricked into opening a crafted XML file, an attacker could
cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)

Tim Boddy discovered that Expat did not properly handle memory reallocation
when processing XML files. If a user or application linked against Expat were
tricked into opening a crafted XML file, an attacker could cause a denial of
service by consuming excessive memory resources. This issue only affected
Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  lib64expat1                     2.0.1-7.2ubuntu1.1
  libexpat1                       2.0.1-7.2ubuntu1.1
  libexpat1-udeb                  2.0.1-7.2ubuntu1.1

Ubuntu 11.10:
  lib64expat1                     2.0.1-7ubuntu3.11.10.1
  libexpat1                       2.0.1-7ubuntu3.11.10.1
  libexpat1-udeb                  2.0.1-7ubuntu3.11.10.1

Ubuntu 11.04:
  lib64expat1                     2.0.1-7ubuntu3.11.04.1
  libexpat1                       2.0.1-7ubuntu3.11.04.1
  libexpat1-udeb                  2.0.1-7ubuntu3.11.04.1

Ubuntu 10.04 LTS:
  lib64expat1                     2.0.1-7ubuntu1.1
  libexpat1                       2.0.1-7ubuntu1.1
  libexpat1-udeb                  2.0.1-7ubuntu1.1

Ubuntu 8.04 LTS:
  lib64expat1                     2.0.1-0ubuntu1.2
  libexpat1                       2.0.1-0ubuntu1.2
  libexpat1-udeb                  2.0.1-0ubuntu1.2

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.
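
Added example, not part of the Ubuntu notice: a Python check for the restart step above, listing processes that still map the pre-upgrade libexpat. It assumes the upgrade replaces the library file on disk, so a process started earlier shows it as "(deleted)" in /proc/<pid>/maps; the sample map lines and library path are constructed.

```python
import os
import re

# Matches the pathname column of a /proc/<pid>/maps line for a libexpat
# file that was replaced on disk (the kernel appends " (deleted)").
STALE_EXPAT = re.compile(r"(/\S*libexpat\.so\S*) \(deleted\)$")

def stale_expat_paths(maps_text):
    """Return the sorted, de-duplicated replaced libexpat files still mapped."""
    found = set()
    for line in maps_text.splitlines():
        m = STALE_EXPAT.search(line.rstrip())
        if m:
            found.add(m.group(1))
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libexpat paths for every readable process."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                paths = stale_expat_paths(fh.read())
        except OSError:
            # Process exited, or we lack permission (run as root to see all).
            continue
        if paths:
            results[int(entry)] = paths
    return results

# Constructed samples: a process restarted after the upgrade, and one not.
SAMPLE_FRESH = (
    "7f3a1c000000-7f3a1c027000 r-xp 00000000 08:01 262154 "
    "/lib/x86_64-linux-gnu/libexpat.so.1.5.2\n"
)
SAMPLE_STALE = (
    "7f9b2e400000-7f9b2e427000 r-xp 00000000 08:01 262101 "
    "/lib/x86_64-linux-gnu/libexpat.so.1.5.2 (deleted)\n"
    "7f9b2e627000-7f9b2e629000 rw-p 00027000 08:01 262101 "
    "/lib/x86_64-linux-gnu/libexpat.so.1.5.2 (deleted)\n"
    "7f9b2e800000-7f9b2e9b5000 r-xp 00000000 08:01 262200 "
    "/lib/x86_64-linux-gnu/libc-2.15.so\n"
)

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Any PID it prints is still running the unpatched parser and needs a restart.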

References:
  https://ubuntu.com/security/notices/USN-1527-1
  CVE-2012-0876, CVE-2012-1148

Package Information:
  https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.1
  https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.10.1
  https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.04.1
  https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu1.1
  https://launchpad.net/ubuntu/+source/expat/2.0.1-0ubuntu1.2
