SB2016061608 - Fedora 22 update for expat




Published: June 16, 2016 Updated: April 24, 2025

Security Bulletin ID: SB2016061608
Severity: Critical
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical 25% Medium 50% Low 25%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) XXE attack (CVE-ID: CVE-2016-4472)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because the overflow protection in Expat is removed by compilers with certain optimization settings. A remote attacker can supply specially crafted XML data and cause the service to crash.

The vulnerability exists due to an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
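
The failure mode described above, as an added illustration that is not Expat's code: a check that adds first and tests for wraparound afterwards depends on undefined signed overflow and can be deleted by an optimizing compiler, while a check made before the arithmetic cannot. The function names and the 1024-byte starting size are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>

/* Illustrative only: hypothetical helpers, not code from Expat. */

/* Fragile: adds first, tests afterwards. Signed overflow is undefined
 * behaviour, so once both inputs are known to be non-negative the compiler
 * may assume the sum is non-negative too and delete the second test. */
int needed_size_fragile(int len, int in_use, int *out)
{
    if (len < 0 || in_use < 0)
        return -1;
    int needed = len + in_use;      /* undefined if the sum exceeds INT_MAX */
    if (needed < 0)                 /* may be removed by the optimizer */
        return -1;
    *out = needed;
    return 0;
}

/* Robust: compares against the remaining headroom before adding, so no
 * overflow ever occurs and there is nothing for the optimizer to remove. */
int needed_size_checked(int len, int in_use, int *out)
{
    if (len < 0 || in_use < 0)
        return -1;
    if (len > INT_MAX - in_use)
        return -1;
    *out = len + in_use;
    return 0;
}

/* Doubles a buffer size until it covers `needed`, refusing to double past
 * INT_MAX. The 1024 starting size is a constructed value. */
int grow_size_checked(int current, int needed)
{
    int size = current > 0 ? current : 1024;
    while (size < needed) {
        if (size > INT_MAX / 2)
            return -1;
        size *= 2;
    }
    return size;
}

int main(void)
{
    int n = 0;
    printf("in range:   %d\n", needed_size_checked(100, 200, &n));
    printf("would wrap: %d\n", needed_size_checked(INT_MAX, 1, &n));
    printf("grow:       %d\n", grow_size_checked(1024, 5000));
    return 0;
}
```

When auditing a build, compare the optimized and unoptimized disassembly of such checks, or compile with `-fsanitize=undefined` during testing so the overflow is reported instead of silently assumed away.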

2) Input validation error (CVE-ID: CVE-2016-5300)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (CPU consumption) via crafted identifiers in an XML document.


3) Buffer overflow in Tenable Nessus (CVE-ID: CVE-2016-0718)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malformed input documents. A remote unauthenticated attacker can trigger a buffer overflow in the Expat XML parser library and execute arbitrary code by sending specially crafted data to a vulnerable server.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Cryptographic issues (CVE-ID: CVE-2012-6702)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.


Remediation

Install update from vendor's website.