[FEDORA-2016-7c6e7a9265] Fedora 24: expat

Severity Critical

Affected Packages 1

CVEs 4

Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and
CVE-2012-6702.

Package	Affected Version
pkg:rpm/fedora/expat?distro=fedora-24	< 2.1.1.2.fc24

ID

FEDORA-2016-7c6e7a9265

Severity

critical

Severity from

CVE-2016-0718

URL

Published

2016-06-21T19:27:49
(8 years ago)

Modified

2016-06-21T19:27:49
(8 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
Bugzilla	1343086	Bug #1343086 - CVE-2016-5300 expat: Little entropy used for hash initialization [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=1343086
Bugzilla	1344252	Bug #1344252 - CVE-2016-4472 expat: Undefined behavior and pointer overflows [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=1344252
Bugzilla	1197087	Bug #1197087 - XML_Parse breaks rand() function	https://bugzilla.redhat.com/show_bug.cgi?id=1197087
Bugzilla	1337116	Bug #1337116 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=1337116
Bugzilla	1319732	Bug #1319732 - CVE-2012-6702 expat: Using XML_Parse before rand() results into non-random output [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=1319732

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/fedora/expat?distro=fedora-24	fedora	expat	< 2.1.1.2.fc24	fedora-24

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date