Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1527-1 August 10, 2012 expat vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Expat could be made to cause a denial of service by consuming excessive CPU and memory resources. Software Description: - expat: XML parsing C library - example application Details: It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: lib64expat1 2.0.1-7.2ubuntu1.1 libexpat1 2.0.1-7.2ubuntu1.1 libexpat1-udeb 2.0.1-7.2ubuntu1.1 Ubuntu 11.10: lib64expat1 2.0.1-7ubuntu3.11.10.1 libexpat1 2.0.1-7ubuntu3.11.10.1 libexpat1-udeb 2.0.1-7ubuntu3.11.10.1 Ubuntu 11.04: lib64expat1 2.0.1-7ubuntu3.11.04.1 libexpat1 2.0.1-7ubuntu3.11.04.1 libexpat1-udeb 2.0.1-7ubuntu3.11.04.1 Ubuntu 10.04 LTS: lib64expat1 2.0.1-7ubuntu1.1 libexpat1 2.0.1-7ubuntu1.1 libexpat1-udeb 2.0.1-7ubuntu1.1 Ubuntu 8.04 LTS: lib64expat1 2.0.1-0ubuntu1.2 libexpat1 2.0.1-0ubuntu1.2 libexpat1-udeb 2.0.1-0ubuntu1.2 After a standard system upgrade you need to restart any applications linked against Expat to effect the necessary changes. References: http://www.ubuntu.com/usn/usn-1527-1 CVE-2012-0876, CVE-2012-1148 Package Information: https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.1 https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.10.1 https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu3.11.04.1 https://launchpad.net/ubuntu/+source/expat/2.0.1-7ubuntu1.1 https://launchpad.net/ubuntu/+source/expat/2.0.1-0ubuntu1.2