==========================================================================
Ubuntu Security Notice USN-2983-1
May 18, 2016
expat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 15.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
Expat could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
– expat: XML parsing C library
Details:
Gustavo Grieco discovered that Expat incorrectly handled malformed XML
data. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service, or
possibly execute arbitrary code. (CVE-2016-0718)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
lib64expat1 2.1.0-7ubuntu0.16.04.1
libexpat1 2.1.0-7ubuntu0.16.04.1
Ubuntu 15.10:
lib64expat1 2.1.0-7ubuntu0.15.10.1
libexpat1 2.1.0-7ubuntu0.15.10.1
Ubuntu 14.04 LTS:
lib64expat1 2.1.0-4ubuntu1.2
libexpat1 2.1.0-4ubuntu1.2
Ubuntu 12.04 LTS:
lib64expat1 2.0.1-7.2ubuntu1.3
libexpat1 2.0.1-7.2ubuntu1.3
After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2983-1
CVE-2016-0718
Package Information:
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.2
https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJXPFdHAAoJEGVp2FWnRL6TfOgP/3lFOSY1kcZX38A+JIn6Qfbd
K+upZGBpjIvmdTxtEfBvc1e18exlnfGR69XH1LZEttz9rIgAy4v9DpY1HzI16VK7
qiFct86IKoaJFND8BJvaQSyFUo7FKTD4th/LWNrTX0gKD7x3dNu1Rv69L8nvc1sp
U8n6sR4iWEhIk441EbkpHegVkG5Di51lnqVxW6Hh7MmWIwbJE1yoc8iDE0cu8H8m
/c6xdJjkUF/GrNG2CldrTXnx8PXgHHcje/1FSpnPwhFiXhD689/Iip67npy4LHyx
WBisdsUp7PJaEbb2JQZgSjTt7FjqvU9hnQxxcxf+4wiJWKDIIjRVjzKGvxvNqb5g
20KE18mWk68krxjkwDCEjA5SDvlM2eDeSp4qGPibqJQhpSgchxRluor6HGlrjOfE
e7rK2vxL/UxjhGx0WhWgzMwwB5NA1e6RUTDOfhT4FSShpBTlzAnUem7v0Is86r3J
o2ysd2/07j+Y18gIlFuOWZNi7FCMrQnvBX/9cS153y1oG28ydMDLD11MJNVUICRx
1LYzvkHU0BnSJws/eJcy2FCcx+Qs+0DIpcn8Xh7eLKUtNlhbMiqTiJ6VTVvmSmSb
WN480Vc1blaKc0qGB6ILokxY2LKm9B2AyNWcnem61AgY9LWsg2wHY5Qa2dAb2AwG
2HNOh5RJGcfD6zs/Zel5
=gLNq
—–END PGP SIGNATURE—–
—