CVE-2016-5300
Published: 2016-06-16
Severity: HIGH, CVSS 3.0 base score 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.1.1-3 (bookworm) | expat 2.1.1-3 (bookworm) |
| debian | libxmltok | < expat 2.1.1-3 (bookworm) | expat 2.1.1-3 (bookworm) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| libexpat_project | libexpat | < 2.2.0 | 2.2.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 5.9 | MEDIUM | — |
Apple
CVE-2017-5029: iTunes 12.6 for Windows
vendor_apple · 2017-03-21 · CVSS 7.5 (HIGH)
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2017-5029
Component: CVE-2016-5300
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-5300: iTunes 12.6
vendor_apple · 2017-03-21 · CVSS 7.5 (HIGH)
Apple Security Update: About the security content of iTunes 12.6
Product: iTunes
Version: 12.6
CVE: CVE-2016-5300
Component: CVE-2016-5300
Apple
CVE-2016-5300: iTunes 12.6 for Windows
vendor_apple · 2017-03-21 · CVSS 7.5 (HIGH)
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2016-5300
Component: CVE-2016-5300
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
Android
CVE-2016-5300: Android Security Bulletin 2016-11-01
vendor_android · 2016-11-01 · CVSS 7.5 (HIGH)
CVE: CVE-2016-5300
Severity: MEDIUM
Affected AOSP versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
References: A-29149404
Ubuntu
Expat vulnerabilities
vendor_ubuntu · 2016-06-20 · CVSS 5.9 (MEDIUM) · CVE-2012-6702
Title: Expat vulnerabilities
Summary: Several security issues were fixed in Expat.
It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)
It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)
Instructions: After a standard system upgrade you need to restart any applications linked against Expat to effect the necessary changes.
Ubuntu
XML-RPC for C and C++ vulnerabilities
vendor_ubuntu · 2016-06-20 · CVSS 5.9 (MEDIUM) · CVE-2012-6702
Title: XML-RPC for C and C++ vulnerabilities
Summary: Several security issues were fixed in XML-RPC for C and C++.
It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)
It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)
Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly exec
Red Hat
expat: Little entropy used for hash initialization
vendor_redhat · 2016-06-04 · CVSS 4.3 (MEDIUM) · CWE-331
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Package: expat (Red Hat Directory Server 8) - Under investigation
Package: expat (Red Hat Enterprise Linux 5) - Will not fix
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: xmlrpc-c (Red Hat Enterprise Linux 5) - Will not fix
Package: xulrunner (Red Hat Enterprise Linux 5) - Not affected
Package: compat-expat1 (Red Hat Enterprise Linux 6) - Not affected
Pack
Debian
CVE-2016-5300: expat - The XML parser in Expat does not use sufficient entropy for hash initialization
vendor_debian · 2016 · CVSS 4.3 (MEDIUM)
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Scope: local
bookworm: resolved (fixed in 2.1.1-3)
bullseye: resolved (fixed in 2.1.1-3)
forky: resolved (fixed in 2.1.1-3)
sid: resolved (fixed in 2.1.1-3)
trixie: resolved (fixed in 2.1.1-3)
GHSA
GHSA-59r7-7hc4-v4rf: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service
ghsa_unreviewed · 2022-05-13 · CVSS 4.3 (MEDIUM) · CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
OSV
expat vulnerabilities
osv · 2016-06-20 · CVSS 5.9 (MEDIUM) · CVE-2012-6702
It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)
It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)
OSV
CVE-2016-5300: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service
osv · 2016-06-16 · CVSS 4.3 (MEDIUM)
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
bugzilla · 2018-09-21 · CVSS 7.5 (HIGH)
A flaw was found in python's _elementtree.c module, a wrapper for the libexpat XML parser. The xml.etree C accelerator doesn't call XML_SetHashSalt(), failing to properly initialize the random hash seed from a good CSPRNG source and making hash collision attacks with carefully crafted XML data easier.
Upstream bug:
https://bugs.python.org/issue34623.
Discussion:
Acknowledgments:
Name: the Python Security Response Team
---
Note that expat >=2.2.2 will internally initialize the hash salt with a more securely generated value, provided arc4random, getrandom or /dev/urandom is available. The risk is greatest on earlier versions of expat (e.g. 2.1.0) or where such sources are not available.
---
External References:
https://
Bugzilla
Update to Expat 2.2.1
bugzilla · 2017-06-18 · CVSS 4.3 (MEDIUM)
Update expat files that live in: parser/expat/lib/
For list of fixed CVEs see:
http://www.openwall.com/lists/oss-security/2017/06/17/7
Discussion:
This fixes some integer overflows, a double free and more. So marking s-s for now.
---
FWIW I've explicitly avoided updating to the latest expat versions as they tend to introduce more CVEs than they fix. We keep a much trimmed-down (and modified) version of 2.0.0 in tree; it would be interesting to see what overlap there is and maybe just cherry-pick changes that are relevant to us.
---
I've started looking over the differences. I'll attach some patches with some no-brainers and then we can decide on the rest.
---
From the release notes:
CVE-2017-9233 External entity infinite loop DoS
Probably affects us, I
Bugzilla
CVE-2016-5300 mingw-expat: expat: Little entropy used for hash initialization [fedora-all]
bugzilla · 2016-06-06 · CVSS 7.5 (HIGH)
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-5300 expat: Little entropy used for hash initialization [fedora-all]
bugzilla · 2016-06-06 · CVSS 7.5 (HIGH)
Bugzilla
CVE-2016-5300 expat21: expat: Little entropy used for hash initialization [epel-all]
bugzilla · 2016-06-06 · CVSS 7.5 (HIGH)
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-5300 compat-expat1: expat: Little entropy used for hash initialization [fedora-all]
bugzilla · 2016-06-06 · CVSS 7.5 (HIGH)
Bugzilla
CVE-2016-5300 expat: Little entropy used for hash initialization
bugzilla · 2016-06-06 · CVSS 4.3 (MEDIUM)
It was found that the original fix for CVE-2012-0876 used too little entropy for the hash initialization.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/473
Discussion:
Created compat-expat1 tracking bugs for this issue:
Affects: fedora-all [bug 1343087]
---
Created expat tracking bugs for this issue:
Affects: fedora-all [bug 1343086]
---
Created mingw-expat tracking bugs for this issue:
Affects: fedora-all [bug 1343088]
Affects: epel-7 [bug 1343090]
---
Created expat21 tracking bugs for this issue:
Affects: epel-all [bug 1343089]
---
Created attachment 1165210
Proposed upstream patch
Bugzilla
CVE-2016-5300 mingw-expat: expat: Little entropy used for hash initialization [epel-7]
bugzilla · 2016-06-06 · CVSS 7.5 (HIGH)
References:
- http://www.debian.org/security/2016/dsa-3597
- http://www.openwall.com/lists/oss-security/2016/06/04/4
- http://www.openwall.com/lists/oss-security/2016/06/04/5
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91159
- http://www.ubuntu.com/usn/USN-3010-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
Published: 2016-06-16