Advisories » MGASA-2016-0227

Updated expat packages fix security vulnerabilities

Publication date: 17 Jun 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2012-6702, CVE-2016-5300

Description

Updated expat packages fix security vulnerabilities:

An issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen
discovered that calling the function XML_Parse() seeds the random number
generator, causing rand() calls to generate repeated outputs (CVE-2012-6702).

Due to an incomplete solution for CVE-2012-0876, the parser poorly seeds the
random number generator, allowing an attacker to cause a denial of service
(CPU consumption) via an XML file with crafted identifiers (CVE-2016-5300).
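
The effect described for CVE-2012-6702, as an added example that is not code from expat or from this advisory: a library call that reseeds the process-wide generator makes the application's own rand() values repeat, while a call that keeps private generator state does not. The function names, the seed values and the small LCG are hypothetical stand-ins, and the model assumes the library uses the same seed on both calls.

```c
#include <stdio.h>
#include <stdlib.h>

#define DRAWS 4

/* Hypothetical stand-in for a parse call that reseeds the process-wide
 * generator behind rand() as a side effect (the behaviour described above). */
void parse_reseeds_global(unsigned seed) { srand(seed); }

/* Hypothetical corrected form: the library keeps private generator state
 * and never calls srand(), so the application's stream is left alone. */
static unsigned lib_state;
void parse_private_state(unsigned seed) { lib_state = seed; }
unsigned lib_next(void) {            /* small LCG, illustration only */
    lib_state = lib_state * 1103515245u + 12345u;
    return (lib_state >> 16) & 0x7fffu;
}

static void draw(int out[DRAWS]) {
    for (int i = 0; i < DRAWS; i++) out[i] = rand();
}

/* Returns 1 if the application's rand() values after a second parse call
 * repeat the values it drew after the first one, else 0. */
int app_stream_repeats(void (*parse)(unsigned), unsigned lib_seed) {
    int first[DRAWS], second[DRAWS];
    srand(2016u);                    /* application seeds once at startup */
    parse(lib_seed); draw(first);
    parse(lib_seed); draw(second);
    for (int i = 0; i < DRAWS; i++)
        if (first[i] != second[i]) return 0;
    return 1;
}

int main(void) {
    printf("reseeding parse call: repeats=%d\n",
           app_stream_repeats(parse_reseeds_global, 7u));
    printf("private-state parse call: repeats=%d\n",
           app_stream_repeats(parse_private_state, 7u));
    printf("library's own value: %u\n", lib_next());
    return 0;
}
```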

References

SRPMS

5/core