[ALAS-2016-775] Amazon Linux AMI 2014.03 - ALAS-2016-775: medium priority package update for expat
Severity
Medium
Affected Packages
6
CVEs
1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-0718:
* An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
| Package | Affected Version |
|---|---|
 pkg:rpm/amazonlinux/expat?arch=x86_64&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
|
pkg:rpm/amazonlinux/expat?arch=i686&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
|
pkg:rpm/amazonlinux/expat-devel?arch=x86_64&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
|
pkg:rpm/amazonlinux/expat-devel?arch=i686&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
|
pkg:rpm/amazonlinux/expat-debuginfo?arch=x86_64&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
|
pkg:rpm/amazonlinux/expat-debuginfo?arch=i686&distro=amazonlinux-1
|
< 2.1.0-10.21.amzn1 |
- ID
- ALAS-2016-775
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2016-775.html
- Published
-
2016-12-15T00:38:00
(7 years ago) - Modified
-
2016-12-15T23:51:00
(7 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALPINE:CVE-2016-0718
-
DSA-3582-1
-
ELSA-2016-2824
-
FEDORA-2016-0fd6ca526a
-
FEDORA-2016-60889583ab
-
FEDORA-2016-7c6e7a9265
-
FREEBSD:57B3ABA7-1E25-11E6-8DD3-002590263BF5
-
FREEBSD:8719B935-8BAE-41AD-92BA-3C826F651219
-
FREEBSD:9164F51E-AE20-11E7-A633-009C02A2AB30
-
FREEBSD:AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5
-
GLSA-201701-21
-
RHSA-2016:2824
-
SSA:2016-359-01
-
SSA:2017-266-02
-
SSA:2018-124-01
-
SUSE-SU-2016:1508-1
-
SUSE-SU-2016:1512-1
-
SUSE-SU-2017:2699-1
-
SUSE-SU-2017:2700-1
-
SUSE-SU-2020:0497-1
-
USN-2983-1
-
USN-3013-1
-
USN-3044-1
-
USN-5455-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2016-0718 |
|
|
| redhat | RHSA-2016:2824 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/expat?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
expat
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/expat?arch=i686&distro=amazonlinux-1 | amazonlinux |
expat
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/expat-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
expat-devel
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/expat-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
expat-devel
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/expat-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
expat-debuginfo
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/expat-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
expat-debuginfo
|
< 2.1.0-10.21.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |