SUSE-SU-2012:0772-1: moderate: Security update for expat

sle-security-updates at lists.suse.com
Wed Jun 20 15:08:32 MDT 2012


   SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0772-1
Rating:             moderate
References:         #750914 #751464 #751465 
Cross-References:   CVE-2012-0876 CVE-2012-1147 CVE-2012-1148
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   The following issues have been fixed:

   * expat was prone to a hash collision attack that could
   lead to excessive CPU usage (CVE-2012-0876)
   * expat didn't close file descriptors in some cases
   (CVE-2012-1147)
   * specially crafted XML files could lead to a memory
   leak (CVE-2012-1148)

   Security Issue references:

   * CVE-2012-0876
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876>
   * CVE-2012-1147
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147>
   * CVE-2012-1148
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148>



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      expat-2.0.0-13.17.25

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      expat-32bit-2.0.0-13.17.25

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      expat-x86-2.0.0-13.17.25

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      expat-64bit-2.0.0-13.17.25

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      expat-2.0.0-13.17.25

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      expat-32bit-2.0.0-13.17.25


References:

   http://support.novell.com/security/cve/CVE-2012-0876.html
   http://support.novell.com/security/cve/CVE-2012-1147.html
   http://support.novell.com/security/cve/CVE-2012-1148.html
   https://bugzilla.novell.com/750914
   https://bugzilla.novell.com/751464
   https://bugzilla.novell.com/751465
   http://download.novell.com/patch/finder/?keywords=4a77c640139b9b5a7e5b29f40a1e6f95


