Advisories » MGASA-2016-0193

Updated expat packages fix security vulnerability

Publication date: 20 May 2016
Modification date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0718

Description

Gustavo Grieco discovered that Expat does not properly handle certain
kinds of malformed input documents, resulting in buffer overflows during
processing and error reporting. A remote attacker can take advantage of
this flaw to cause an application using the Expat library to crash, or
potentially, to execute arbitrary code with the privileges of the user
running the application (CVE-2016-0718).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18479
• https://www.debian.org/security/2016/dsa-3582
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

SRPMS

5/core

• expat-2.1.0-9.2.mga5