USN-3010-1 Expat vulnerabilities

Severity

Medium

Vendor

expat – XML parsing C library, Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)

It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

Affected Products and Versions

Severity is medium unless otherwise noted.

All versions of Cloud Foundry cflinuxfs2 prior to v.1.67.0

Mitigation

Users are strongly encouraged to follow the mitigation below:

The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.67.0 or later versions

References

http://www.ubuntu.com/usn/usn-3010-1/
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6702.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5300.html

USN-3010-1 Expat vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Products and Versions

Mitigation

References

You Might Also Like

USN-6839-1: MariaDB vulnerability

USN-5076-1: Git vulnerability

CVE-2018-1190: XSS on UAA OpenID Connect check session iframe endpoint

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!