Arch Linux Security Advisory ASA-201606-13
==========================================

Severity: Medium
Date    : 2016-06-13
CVE-ID  : CVE-2012-6702 CVE-2016-5300
Package : expat
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package expat before version 2.1.1-3 is vulnerable to multiple issues including predictable random numbers and insufficient hash entropy leading to denial of service.

Resolution
==========

Upgrade to 2.1.1-3.

# pacman -Syu "expat>=2.1.1-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2012-6702 (predictable random numbers)

It was found that calling XML_Parse ahead of rand() causes the pseudo-random generator to produce non-random, predictable numbers.

- CVE-2016-5300 (denial of service)

It was found that the original fix for CVE-2012-0876 used too little entropy for the hash initialization. This issue can be used to perform a hash collision based denial of service attack.

Impact
======

A remote attacker is able to predict random numbers from the PRNG or perform a hash based collision attack resulting in denial of service.

References
==========

https://access.redhat.com/security/cve/CVE-2012-6702
https://access.redhat.com/security/cve/CVE-2016-5300
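As an added example (not part of the advisory or of pacman's own code), the script below audits `pacman -Q` output against the fixed version named in the Resolution section, so that a fleet's installed expat versions can be checked before and after the upgrade. It assumes Arch's `[epoch:]pkgver-pkgrel` version syntax; the comparison is a simplified re-implementation of the vercmp rules (numeric runs compared numerically, epoch first, then pkgver, then pkgrel) and does not reproduce vercmp's special handling of attached suffixes such as `1.0a` < `1.0`. The `pacman -Q` lines are constructed sample data.

```python
"""Audit `pacman -Q` output against the version fixed in ASA-201606-13.

Added example, not part of the advisory. The pacman output below is
constructed sample data, and the comparison is a simplified version of
pacman's vercmp rules, not pacman's own code.
"""
import re
from itertools import zip_longest

FIXED_EXPAT = "2.1.1-3"  # fixed version stated in the advisory


def split_version(version):
    """Split '[epoch:]pkgver-pkgrel' into (epoch, pkgver, pkgrel)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        pkgver, pkgrel = version.rsplit("-", 1)
    else:
        pkgver, pkgrel = version, "0"  # no pkgrel given: treat as release 0
    return epoch, pkgver, pkgrel


def _segments(text):
    """Break a version string into numeric and alphabetic runs."""
    return re.findall(r"\d+|[A-Za-z]+", text)


def compare_segments(a, b):
    """Return -1, 0 or 1 comparing two pkgver/pkgrel strings.

    Numeric runs compare numerically (so '10' > '3'), alphabetic runs
    lexically, a numeric run beats an alphabetic one, and when one string
    runs out of segments the longer one counts as newer. Simplification of
    pacman's vercmp (assumption: attached suffixes like '1.0a' are not
    handled the way vercmp handles them).
    """
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        else:
            return 1 if x > y else -1
    return 0


def compare_versions(a, b):
    """Compare full package versions: epoch first, then pkgver, then pkgrel."""
    ea, va, ra = split_version(a)
    eb, vb, rb = split_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    result = compare_segments(va, vb)
    if result != 0:
        return result
    return compare_segments(ra, rb)


def is_vulnerable(installed, fixed=FIXED_EXPAT):
    """True when the installed version is older than the fixed one."""
    return compare_versions(installed, fixed) < 0


def audit(pacman_q_lines, package="expat", fixed=FIXED_EXPAT):
    """Return [(version, needs_upgrade)] for every line naming `package`."""
    findings = []
    for line in pacman_q_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        name, version = parts
        if name == package:
            findings.append((version, is_vulnerable(version, fixed)))
    return findings


# Constructed sample of `pacman -Q` output; not captured from a real host.
SAMPLE_PACMAN_Q = [
    "expat 2.1.1-2",
    "glibc 2.23-5",
    "python 3.5.1-3",
]

if __name__ == "__main__":
    for version, needs_upgrade in audit(SAMPLE_PACMAN_Q):
        status = f"upgrade to {FIXED_EXPAT}" if needs_upgrade else "ok"
        print(f"expat {version}: {status}")
```

On a real host, feed `audit()` the lines of `pacman -Q` (or `pacman -Q expat`) and treat any `True` finding as a system that still needs the `pacman -Syu "expat>=2.1.1-3"` step; for authoritative comparisons, Arch's own `vercmp` utility remains the reference.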