DSA-3597-1 expat -- expatID: oval:org.secpod.oval:def:602529 | Date: (C)2016-06-09 (M)2024-02-19 |
Class: PATCH | Family: unix |
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. CVE-2016-5300 It is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries.