| Errata ID | 348 | 
|---|---|
| Date | 2016-12-01 | 
| Source package | expat | 
| Fixed in version | 2.1.0-1.24.201611102054 | 
| Description | This update addresses the following issue(s): * unanticipated internal calls to srand (CVE-2012-6702) * Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283) * Out-of-bounds heap read on crafted input causing crash or code execution (CVE-2016-0718) * use of too little entropy (CVE-2016-5300) |
| Additional notes | |
| CVE ID | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-5300 |
| UCS Bug number | #39421 |
