Overview

File _patchinfo of Package patchinfo.4117

<patchinfo incident="4117">
  <issue id="983215" tracker="bnc">VUL-1: CVE-2012-6702: expat: XML_Parse breaks rand() function</issue>
  <issue id="983216" tracker="bnc">VUL-1: CVE-2016-5300: expat: Re: expat hash collision fix too predictable?</issue>
  <issue id="2012-6702" tracker="cve" />
  <issue id="2016-5300" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>
This update for expat fixes the following security issues:

- CVE-2012-6702: Expat, when used in a parser that has not
  called XML_SetHashSalt or passed it a seed of 0, made it easier for
  context-dependent attackers to defeat cryptographic protection mechanisms
  via vectors involving use of the srand function.  (bsc#983215)
- CVE-2016-5300: The XML parser in Expat did not use sufficient entropy
  for hash initialization, which allowed context-dependent attackers to
  cause a denial of service (CPU consumption) via crafted identifiers in
  an XML document. NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2012-0876.  (bsc#983216)
</description>
  <summary>Security update for expat</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places