Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-6702 (GCVE-0-2012-6702)
Vulnerability from cvelistv5 – Published: 2016-06-16 18:00 – Updated: 2024-08-06 21:36
VLAI
EPSS
Summary
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/tns-2016-20 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/91483 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2016/dsa-3597 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2016/06/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/06/03/8 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201701-21 | vendor-advisoryx_refsource_GENTOO |
| https://source.android.com/security/bulletin/2016… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-3010-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2012-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "91483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91483"
},
{
"name": "DSA-3597",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"name": "GLSA-201701-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "USN-3010-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3010-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "91483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91483"
},
{
"name": "DSA-3597",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"name": "GLSA-201701-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "USN-3010-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3010-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2012-6702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "91483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91483"
},
{
"name": "DSA-3597",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "USN-3010-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3010-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2012-6702",
"datePublished": "2016-06-16T18:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:02.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2012-6702",
"date": "2026-05-29",
"epss": "0.00733",
"percentile": "0.73041"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-6702\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2016-06-16T18:59:00.327\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.\"},{\"lang\":\"es\",\"value\":\"Expat, cuando se utiliza en un int\u00e9rprete que no ha realizado una llamada XML_SetHashSalt o pasado una semilla de 0, facilita a atacantes dependientes del contexto romper mecanismos de protecci\u00f3n criptogr\u00e1fica a trav\u00e9s de vectores que involucran el uso de la funci\u00f3n srand.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"BE4EECEA-61AE-4AD0-87C2-89DC1890DDDD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9915371-C730-41F7-B86E-7E4DE0DF5385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2016/dsa-3597\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/03/8\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/04/1\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.securityfocus.com/bid/91483\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3010-1\",\"source\":\"security@opentext.com\"},{\"url\":\"https://security.gentoo.org/glsa/201701-21\",\"source\":\"security@opentext.com\"},{\"url\":\"https://source.android.com/security/bulletin/2016-11-01.html\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/03/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/04/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/91483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3010-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://source.android.com/security/bulletin/2016-11-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-370
Vulnerability from certfr_avis - Published: 2016-11-08 - Updated: 2016-11-08
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 7 novembre 2016
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 7 novembre 2016\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-6718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6718"
},
{
"name": "CVE-2014-9908",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9908"
},
{
"name": "CVE-2016-7916",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
},
{
"name": "CVE-2016-6732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6732"
},
{
"name": "CVE-2016-6719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6719"
},
{
"name": "CVE-2016-6739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6739"
},
{
"name": "CVE-2016-7914",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2016-7917",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7917"
},
{
"name": "CVE-2016-7913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
},
{
"name": "CVE-2015-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0410"
},
{
"name": "CVE-2016-6728",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6728"
},
{
"name": "CVE-2016-6730",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6730"
},
{
"name": "CVE-2016-6751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6751"
},
{
"name": "CVE-2016-6714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6714"
},
{
"name": "CVE-2016-6707",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6707"
},
{
"name": "CVE-2016-7912",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7912"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2015-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8961"
},
{
"name": "CVE-2016-6709",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6709"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-6727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6727"
},
{
"name": "CVE-2016-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6704"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6702"
},
{
"name": "CVE-2016-6729",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6729"
},
{
"name": "CVE-2016-6715",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6715"
},
{
"name": "CVE-2016-6735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6735"
},
{
"name": "CVE-2016-7915",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7915"
},
{
"name": "CVE-2016-6698",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6698"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-3906",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3906"
},
{
"name": "CVE-2016-6706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6706"
},
{
"name": "CVE-2016-6717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6717"
},
{
"name": "CVE-2015-8963",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
},
{
"name": "CVE-2016-6725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6725"
},
{
"name": "CVE-2016-6700",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6700"
},
{
"name": "CVE-2016-6746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6746"
},
{
"name": "CVE-2016-6738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6738"
},
{
"name": "CVE-2016-6740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6740"
},
{
"name": "CVE-2016-6724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6724"
},
{
"name": "CVE-2016-6747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6747"
},
{
"name": "CVE-2016-6744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6744"
},
{
"name": "CVE-2016-6752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6752"
},
{
"name": "CVE-2016-6711",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6711"
},
{
"name": "CVE-2016-3907",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3907"
},
{
"name": "CVE-2016-6710",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6710"
},
{
"name": "CVE-2016-6703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6703"
},
{
"name": "CVE-2016-6754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6754"
},
{
"name": "CVE-2016-6743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6743"
},
{
"name": "CVE-2016-6742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6742"
},
{
"name": "CVE-2016-6749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6749"
},
{
"name": "CVE-2016-6745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6745"
},
{
"name": "CVE-2016-6720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6720"
},
{
"name": "CVE-2016-6722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6722"
},
{
"name": "CVE-2016-6721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6721"
},
{
"name": "CVE-2016-6699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6699"
},
{
"name": "CVE-2016-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6733"
},
{
"name": "CVE-2016-6753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6753"
},
{
"name": "CVE-2016-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6750"
},
{
"name": "CVE-2016-6723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6723"
},
{
"name": "CVE-2016-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
},
{
"name": "CVE-2016-2184",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2184"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6734"
},
{
"name": "CVE-2016-6741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6741"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2016-6726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6726"
},
{
"name": "CVE-2016-6737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6737"
},
{
"name": "CVE-2016-6705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6705"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6708"
},
{
"name": "CVE-2016-6736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6736"
},
{
"name": "CVE-2016-6748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6748"
},
{
"name": "CVE-2016-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
},
{
"name": "CVE-2016-6712",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6712"
},
{
"name": "CVE-2014-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9675"
},
{
"name": "CVE-2016-6716",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6716"
},
{
"name": "CVE-2016-6713",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6713"
},
{
"name": "CVE-2016-6731",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6731"
},
{
"name": "CVE-2016-6701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6701"
}
],
"initial_release_date": "2016-11-08T00:00:00",
"last_revision_date": "2016-11-08T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-370",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 07 novembre 2016",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
CERTFR-2018-AVI-288
Vulnerability from certfr_avis - Published: 2018-06-14 - Updated: 2018-06-14
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"initial_release_date": "2018-06-14T00:00:00",
"last_revision_date": "2018-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-08"
}
]
}
CERTFR-2018-AVI-293
Vulnerability from certfr_avis - Published: 2018-06-15 - Updated: 2018-06-15
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Agent | Nessus Agent versions 7.0.3 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
"product": {
"name": "Nessus Agent",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2018-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"initial_release_date": "2018-06-15T00:00:00",
"last_revision_date": "2018-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-293",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-09"
}
]
}
Title
Expat加密机制破坏漏洞
Description
Expat是一个基于C语言的XML解析器库,它采用了一个面向流的解析器。
当程序在调用XML_SetHashSalt的解析器中使用或传递一个0种子时Expat中存在安全漏洞,允许远程攻击者可利用该漏洞破坏加密保护机制。
Severity
中
Patch Name
Expat加密机制破坏漏洞的补丁
Patch Description
Expat是一个基于C语言的XML解析器库,它采用了一个面向流的解析器。
当程序在调用XML_SetHashSalt的解析器中使用或传递一个0种子时Expat中存在安全漏洞,允许远程攻击者可利用该漏洞破坏加密保护机制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/
Reference
https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/
Impacted products
| Name | Expat Expat |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2012-6702"
}
},
"description": "Expat\u662f\u4e00\u4e2a\u57fa\u4e8eC\u8bed\u8a00\u7684XML\u89e3\u6790\u5668\u5e93\uff0c\u5b83\u91c7\u7528\u4e86\u4e00\u4e2a\u9762\u5411\u6d41\u7684\u89e3\u6790\u5668\u3002\r\n\r\n\u5f53\u7a0b\u5e8f\u5728\u8c03\u7528XML_SetHashSalt\u7684\u89e3\u6790\u5668\u4e2d\u4f7f\u7528\u6216\u4f20\u9012\u4e00\u4e2a0\u79cd\u5b50\u65f6Expat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002",
"discovererName": "fdrake, hartwork, kwaclaw",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04187",
"openTime": "2016-06-22",
"patchDescription": "Expat\u662f\u4e00\u4e2a\u57fa\u4e8eC\u8bed\u8a00\u7684XML\u89e3\u6790\u5668\u5e93\uff0c\u5b83\u91c7\u7528\u4e86\u4e00\u4e2a\u9762\u5411\u6d41\u7684\u89e3\u6790\u5668\u3002\r\n\r\n\u5f53\u7a0b\u5e8f\u5728\u8c03\u7528XML_SetHashSalt\u7684\u89e3\u6790\u5668\u4e2d\u4f7f\u7528\u6216\u4f20\u9012\u4e00\u4e2a0\u79cd\u5b50\u65f6Expat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Expat\u52a0\u5bc6\u673a\u5236\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Expat Expat"
},
"referenceLink": "https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/",
"serverity": "\u4e2d",
"submitTime": "2016-06-19",
"title": "Expat\u52a0\u5bc6\u673a\u5236\u7834\u574f\u6f0f\u6d1e"
}
FKIE_CVE-2012-6702
Vulnerability from fkie_nvd - Published: 2016-06-16 18:59 - Updated: 2026-05-06 22:30
Severity
Summary
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat_project | libexpat | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| debian | debian_linux | 8.0 | |
| android | 4.4.4 | ||
| android | 5.0.2 | ||
| android | 5.1.1 | ||
| android | 6.0 | ||
| android | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4EECEA-61AE-4AD0-87C2-89DC1890DDDD",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CEEA22-63B4-4702-A400-01349DF0EC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function."
},
{
"lang": "es",
"value": "Expat, cuando se utiliza en un int\u00e9rprete que no ha realizado una llamada XML_SetHashSalt o pasado una semilla de 0, facilita a atacantes dependientes del contexto romper mecanismos de protecci\u00f3n criptogr\u00e1fica a trav\u00e9s de vectores que involucran el uso de la funci\u00f3n srand."
}
],
"id": "CVE-2012-6702",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-16T18:59:00.327",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/91483"
},
{
"source": "security@opentext.com",
"url": "http://www.ubuntu.com/usn/USN-3010-1"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"source": "security@opentext.com",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"source": "security@opentext.com",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3010-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2016-20"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-QFWQ-QVMM-7J3X
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Severity
5.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2012-6702"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-06-16T18:59:00Z",
"severity": "MODERATE"
},
"details": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"id": "GHSA-qfwq-qvmm-7j3x",
"modified": "2022-05-13T01:12:01Z",
"published": "2022-05-13T01:12:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6702"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91483"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3010-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2012-6702
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-6702",
"description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"id": "GSD-2012-6702",
"references": [
"https://www.suse.com/security/cve/CVE-2012-6702.html",
"https://www.debian.org/security/2016/dsa-3597",
"https://ubuntu.com/security/CVE-2012-6702",
"https://advisories.mageia.org/CVE-2012-6702.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-6702"
],
"details": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"id": "GSD-2012-6702",
"modified": "2023-12-13T01:20:17.581415Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2012-6702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "91483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91483"
},
{
"name": "DSA-3597",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "USN-3010-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3010-1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2012-6702"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3597",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3597"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/04/1"
},
{
"name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/8"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "91483",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91483"
},
{
"name": "USN-3010-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3010-1"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-01-25T15:44Z",
"publishedDate": "2016-06-16T18:59Z"
}
}
}
OPENSUSE-SU-2024:10077-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
expat-2.2.0-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: expat-2.2.0-3.1 on GA media
Description of the patch: These are all security issues fixed in the expat-2.2.0-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10077
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
81 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "expat-2.2.0-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the expat-2.2.0-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10077",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10077-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2625 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-3560 page",
"url": "https://www.suse.com/security/cve/CVE-2009-3560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-3720 page",
"url": "https://www.suse.com/security/cve/CVE-2009-3720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0876 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1147 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1148 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6702 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0718 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4472 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5300/"
}
],
"title": "expat-2.2.0-3.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10077-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.aarch64",
"product": {
"name": "expat-2.2.0-3.1.aarch64",
"product_id": "expat-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat-devel-2.2.0-3.1.aarch64",
"product_id": "libexpat-devel-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat1-2.2.0-3.1.aarch64",
"product_id": "libexpat1-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.aarch64",
"product_id": "libexpat1-32bit-2.2.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.ppc64le",
"product": {
"name": "expat-2.2.0-3.1.ppc64le",
"product_id": "expat-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat-devel-2.2.0-3.1.ppc64le",
"product_id": "libexpat-devel-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat1-2.2.0-3.1.ppc64le",
"product_id": "libexpat1-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"product_id": "libexpat1-32bit-2.2.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.s390x",
"product": {
"name": "expat-2.2.0-3.1.s390x",
"product_id": "expat-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.s390x",
"product": {
"name": "libexpat-devel-2.2.0-3.1.s390x",
"product_id": "libexpat-devel-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.s390x",
"product": {
"name": "libexpat1-2.2.0-3.1.s390x",
"product_id": "libexpat1-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.s390x",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.s390x",
"product_id": "libexpat1-32bit-2.2.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.x86_64",
"product": {
"name": "expat-2.2.0-3.1.x86_64",
"product_id": "expat-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat-devel-2.2.0-3.1.x86_64",
"product_id": "libexpat-devel-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat1-2.2.0-3.1.x86_64",
"product_id": "libexpat1-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.x86_64",
"product_id": "libexpat1-32bit-2.2.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64"
},
"product_reference": "expat-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le"
},
"product_reference": "expat-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x"
},
"product_reference": "expat-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64"
},
"product_reference": "expat-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x"
},
"product_reference": "libexpat-devel-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat1-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat1-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x"
},
"product_reference": "libexpat1-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat1-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2625"
}
],
"notes": [
{
"category": "general",
"text": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2625",
"url": "https://www.suse.com/security/cve/CVE-2009-2625"
},
{
"category": "external",
"summary": "SUSE Bug 525562 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/525562"
},
{
"category": "external",
"summary": "SUSE Bug 530717 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/530717"
},
{
"category": "external",
"summary": "SUSE Bug 534025 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/534025"
},
{
"category": "external",
"summary": "SUSE Bug 534721 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/534721"
},
{
"category": "external",
"summary": "SUSE Bug 537969 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/537969"
},
{
"category": "external",
"summary": "SUSE Bug 540945 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/540945"
},
{
"category": "external",
"summary": "SUSE Bug 548655 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/548655"
},
{
"category": "external",
"summary": "SUSE Bug 550664 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/550664"
},
{
"category": "external",
"summary": "SUSE Bug 553220 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/553220"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 610080 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/610080"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 611932 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/611932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2009-2625"
},
{
"cve": "CVE-2009-3560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-3560"
}
],
"notes": [
{
"category": "general",
"text": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-3560",
"url": "https://www.suse.com/security/cve/CVE-2009-3560"
},
{
"category": "external",
"summary": "SUSE Bug 550666 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/550666"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 561561 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/561561"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 694595 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/694595"
},
{
"category": "external",
"summary": "SUSE Bug 725950 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/725950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-3560"
},
{
"cve": "CVE-2009-3720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-3720"
}
],
"notes": [
{
"category": "general",
"text": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-3720",
"url": "https://www.suse.com/security/cve/CVE-2009-3720"
},
{
"category": "external",
"summary": "SUSE Bug 534721 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/534721"
},
{
"category": "external",
"summary": "SUSE Bug 550664 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/550664"
},
{
"category": "external",
"summary": "SUSE Bug 550666 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/550666"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 561561 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/561561"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 725950 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/725950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-3720"
},
{
"cve": "CVE-2012-0876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0876"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0876",
"url": "https://www.suse.com/security/cve/CVE-2012-0876"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/751465"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0876"
},
{
"cve": "CVE-2012-1147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1147"
}
],
"notes": [
{
"category": "general",
"text": "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1147",
"url": "https://www.suse.com/security/cve/CVE-2012-1147"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/751465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1147"
},
{
"cve": "CVE-2012-1148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1148"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1148",
"url": "https://www.suse.com/security/cve/CVE-2012-1148"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/751465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1148"
},
{
"cve": "CVE-2012-6702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6702"
}
],
"notes": [
{
"category": "general",
"text": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6702",
"url": "https://www.suse.com/security/cve/CVE-2012-6702"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-6702"
},
{
"cve": "CVE-2015-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1283"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1283",
"url": "https://www.suse.com/security/cve/CVE-2015-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1034050 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/1034050"
},
{
"category": "external",
"summary": "SUSE Bug 939077 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/939077"
},
{
"category": "external",
"summary": "SUSE Bug 979441 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/979441"
},
{
"category": "external",
"summary": "SUSE Bug 980391 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/980391"
},
{
"category": "external",
"summary": "SUSE Bug 983985 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/983985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-1283"
},
{
"cve": "CVE-2016-0718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0718"
}
],
"notes": [
{
"category": "general",
"text": "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0718",
"url": "https://www.suse.com/security/cve/CVE-2016-0718"
},
{
"category": "external",
"summary": "SUSE Bug 979441 for CVE-2016-0718",
"url": "https://bugzilla.suse.com/979441"
},
{
"category": "external",
"summary": "SUSE Bug 991809 for CVE-2016-0718",
"url": "https://bugzilla.suse.com/991809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0718"
},
{
"cve": "CVE-2016-4472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4472"
}
],
"notes": [
{
"category": "general",
"text": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4472",
"url": "https://www.suse.com/security/cve/CVE-2016-4472"
},
{
"category": "external",
"summary": "SUSE Bug 1034050 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/1034050"
},
{
"category": "external",
"summary": "SUSE Bug 939077 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/939077"
},
{
"category": "external",
"summary": "SUSE Bug 980391 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/980391"
},
{
"category": "external",
"summary": "SUSE Bug 983985 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/983985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-4472"
},
{
"cve": "CVE-2016-5300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5300"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5300",
"url": "https://www.suse.com/security/cve/CVE-2016-5300"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2016-5300",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5300"
}
]
}
SUSE-SU-2017:0415-1
Vulnerability from csaf_suse - Published: 2017-02-07 12:17 - Updated: 2017-02-07 12:17Summary
Security update for expat
Severity
Moderate
Notes
Title of the patch: Security update for expat
Description of the patch:
This update for expat fixes the following security issues:
- CVE-2012-6702: Expat, when used in a parser that has not
called XML_SetHashSalt or passed it a seed of 0, made it easier for
context-dependent attackers to defeat cryptographic protection mechanisms
via vectors involving use of the srand function. (bsc#983215)
- CVE-2016-5300: The XML parser in Expat did not use sufficient entropy
for hash initialization, which allowed context-dependent attackers to
cause a denial of service (CPU consumption) via crafted identifiers in
an XML document. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2012-0876. (bsc#983216)
Patchnames: sdksp4-expat-12972,slessp4-expat-12972,slestso13-expat-12972
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for expat fixes the following security issues:\n\n- CVE-2012-6702: Expat, when used in a parser that has not\n called XML_SetHashSalt or passed it a seed of 0, made it easier for\n context-dependent attackers to defeat cryptographic protection mechanisms\n via vectors involving use of the srand function. (bsc#983215)\n- CVE-2016-5300: The XML parser in Expat did not use sufficient entropy\n for hash initialization, which allowed context-dependent attackers to\n cause a denial of service (CPU consumption) via crafted identifiers in\n an XML document. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2012-0876. (bsc#983216)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-expat-12972,slessp4-expat-12972,slestso13-expat-12972",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0415-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0415-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170415-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0415-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002630.html"
},
{
"category": "self",
"summary": "SUSE Bug 1022037",
"url": "https://bugzilla.suse.com/1022037"
},
{
"category": "self",
"summary": "SUSE Bug 983215",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "self",
"summary": "SUSE Bug 983216",
"url": "https://bugzilla.suse.com/983216"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6702 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5300/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2017-02-07T12:17:55Z",
"generator": {
"date": "2017-02-07T12:17:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0415-1",
"initial_release_date": "2017-02-07T12:17:55Z",
"revision_history": [
{
"date": "2017-02-07T12:17:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.0.1-88.41.1.i586",
"product": {
"name": "libexpat-devel-2.0.1-88.41.1.i586",
"product_id": "libexpat-devel-2.0.1-88.41.1.i586"
}
},
{
"category": "product_version",
"name": "expat-2.0.1-88.41.1.i586",
"product": {
"name": "expat-2.0.1-88.41.1.i586",
"product_id": "expat-2.0.1-88.41.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat1-2.0.1-88.41.1.i586",
"product": {
"name": "libexpat1-2.0.1-88.41.1.i586",
"product_id": "libexpat1-2.0.1-88.41.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.0.1-88.41.1.ia64",
"product": {
"name": "libexpat-devel-2.0.1-88.41.1.ia64",
"product_id": "libexpat-devel-2.0.1-88.41.1.ia64"
}
},
{
"category": "product_version",
"name": "expat-2.0.1-88.41.1.ia64",
"product": {
"name": "expat-2.0.1-88.41.1.ia64",
"product_id": "expat-2.0.1-88.41.1.ia64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.0.1-88.41.1.ia64",
"product": {
"name": "libexpat1-2.0.1-88.41.1.ia64",
"product_id": "libexpat1-2.0.1-88.41.1.ia64"
}
},
{
"category": "product_version",
"name": "libexpat1-x86-2.0.1-88.41.1.ia64",
"product": {
"name": "libexpat1-x86-2.0.1-88.41.1.ia64",
"product_id": "libexpat1-x86-2.0.1-88.41.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.0.1-88.41.1.ppc64",
"product": {
"name": "libexpat-devel-2.0.1-88.41.1.ppc64",
"product_id": "libexpat-devel-2.0.1-88.41.1.ppc64"
}
},
{
"category": "product_version",
"name": "expat-2.0.1-88.41.1.ppc64",
"product": {
"name": "expat-2.0.1-88.41.1.ppc64",
"product_id": "expat-2.0.1-88.41.1.ppc64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.0.1-88.41.1.ppc64",
"product": {
"name": "libexpat1-2.0.1-88.41.1.ppc64",
"product_id": "libexpat1-2.0.1-88.41.1.ppc64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.0.1-88.41.1.ppc64",
"product": {
"name": "libexpat1-32bit-2.0.1-88.41.1.ppc64",
"product_id": "libexpat1-32bit-2.0.1-88.41.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.0.1-88.41.1.s390x",
"product": {
"name": "libexpat-devel-2.0.1-88.41.1.s390x",
"product_id": "libexpat-devel-2.0.1-88.41.1.s390x"
}
},
{
"category": "product_version",
"name": "expat-2.0.1-88.41.1.s390x",
"product": {
"name": "expat-2.0.1-88.41.1.s390x",
"product_id": "expat-2.0.1-88.41.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.0.1-88.41.1.s390x",
"product": {
"name": "libexpat1-2.0.1-88.41.1.s390x",
"product_id": "libexpat1-2.0.1-88.41.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.0.1-88.41.1.s390x",
"product": {
"name": "libexpat1-32bit-2.0.1-88.41.1.s390x",
"product_id": "libexpat1-32bit-2.0.1-88.41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.0.1-88.41.1.x86_64",
"product": {
"name": "libexpat-devel-2.0.1-88.41.1.x86_64",
"product_id": "libexpat-devel-2.0.1-88.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "expat-2.0.1-88.41.1.x86_64",
"product": {
"name": "expat-2.0.1-88.41.1.x86_64",
"product_id": "expat-2.0.1-88.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.0.1-88.41.1.x86_64",
"product": {
"name": "libexpat1-2.0.1-88.41.1.x86_64",
"product_id": "libexpat1-2.0.1-88.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.0.1-88.41.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.0.1-88.41.1.x86_64",
"product_id": "libexpat1-32bit-2.0.1-88.41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586"
},
"product_reference": "expat-2.0.1-88.41.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64"
},
"product_reference": "expat-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64"
},
"product_reference": "expat-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x"
},
"product_reference": "expat-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64"
},
"product_reference": "expat-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586"
},
"product_reference": "libexpat1-2.0.1-88.41.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x"
},
"product_reference": "libexpat1-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-x86-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64"
},
"product_reference": "libexpat1-x86-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586"
},
"product_reference": "expat-2.0.1-88.41.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64"
},
"product_reference": "expat-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64"
},
"product_reference": "expat-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x"
},
"product_reference": "expat-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64"
},
"product_reference": "expat-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586"
},
"product_reference": "libexpat1-2.0.1-88.41.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x"
},
"product_reference": "libexpat1-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat1-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.0.1-88.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-x86-2.0.1-88.41.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64"
},
"product_reference": "libexpat1-x86-2.0.1-88.41.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.0.1-88.41.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
},
"product_reference": "libexpat-devel-2.0.1-88.41.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6702"
}
],
"notes": [
{
"category": "general",
"text": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6702",
"url": "https://www.suse.com/security/cve/CVE-2012-6702"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-07T12:17:55Z",
"details": "moderate"
}
],
"title": "CVE-2012-6702"
},
{
"cve": "CVE-2016-5300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5300"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5300",
"url": "https://www.suse.com/security/cve/CVE-2016-5300"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2016-5300",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:expat-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-32bit-2.0.1-88.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libexpat1-x86-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libexpat-devel-2.0.1-88.41.1.x86_64",
"SUSE Studio Onsite 1.3:libexpat-devel-2.0.1-88.41.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-07T12:17:55Z",
"details": "important"
}
],
"title": "CVE-2016-5300"
}
]
}
SUSE-SU-2017:0424-1
Vulnerability from csaf_suse - Published: 2017-02-08 12:07 - Updated: 2017-02-08 12:07Summary
Security update for expat
Severity
Moderate
Notes
Title of the patch: Security update for expat
Description of the patch:
This update for expat fixes the following security issues:
- CVE-2012-6702: Expat, when used in a parser that has not
called XML_SetHashSalt or passed it a seed of 0, made it easier for
context-dependent attackers to defeat cryptographic protection mechanisms
via vectors involving use of the srand function. (bsc#983215)
- CVE-2016-5300: The XML parser in Expat did not use sufficient entropy
for hash initialization, which allowed context-dependent attackers to
cause a denial of service (CPU consumption) via crafted identifiers in
an XML document. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2012-0876. (bsc#983216)
Patchnames: SUSE-SLE-DESKTOP-12-SP1-2017-212,SUSE-SLE-DESKTOP-12-SP2-2017-212,SUSE-SLE-RPI-12-SP2-2017-212,SUSE-SLE-SDK-12-SP1-2017-212,SUSE-SLE-SDK-12-SP2-2017-212,SUSE-SLE-SERVER-12-SP1-2017-212,SUSE-SLE-SERVER-12-SP2-2017-212
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for expat fixes the following security issues:\n\n- CVE-2012-6702: Expat, when used in a parser that has not\n called XML_SetHashSalt or passed it a seed of 0, made it easier for\n context-dependent attackers to defeat cryptographic protection mechanisms\n via vectors involving use of the srand function. (bsc#983215)\n- CVE-2016-5300: The XML parser in Expat did not use sufficient entropy\n for hash initialization, which allowed context-dependent attackers to\n cause a denial of service (CPU consumption) via crafted identifiers in\n an XML document. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2012-0876. (bsc#983216)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2017-212,SUSE-SLE-DESKTOP-12-SP2-2017-212,SUSE-SLE-RPI-12-SP2-2017-212,SUSE-SLE-SDK-12-SP1-2017-212,SUSE-SLE-SDK-12-SP2-2017-212,SUSE-SLE-SERVER-12-SP1-2017-212,SUSE-SLE-SERVER-12-SP2-2017-212",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0424-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0424-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170424-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0424-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002631.html"
},
{
"category": "self",
"summary": "SUSE Bug 983215",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "self",
"summary": "SUSE Bug 983216",
"url": "https://bugzilla.suse.com/983216"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6702 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5300/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2017-02-08T12:07:52Z",
"generator": {
"date": "2017-02-08T12:07:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0424-1",
"initial_release_date": "2017-02-08T12:07:52Z",
"revision_history": [
{
"date": "2017-02-08T12:07:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-20.2.aarch64",
"product": {
"name": "expat-2.1.0-20.2.aarch64",
"product_id": "expat-2.1.0-20.2.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-20.2.aarch64",
"product": {
"name": "libexpat1-2.1.0-20.2.aarch64",
"product_id": "libexpat1-2.1.0-20.2.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-20.2.aarch64",
"product": {
"name": "libexpat-devel-2.1.0-20.2.aarch64",
"product_id": "libexpat-devel-2.1.0-20.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-20.2.ppc64le",
"product": {
"name": "libexpat-devel-2.1.0-20.2.ppc64le",
"product_id": "libexpat-devel-2.1.0-20.2.ppc64le"
}
},
{
"category": "product_version",
"name": "expat-2.1.0-20.2.ppc64le",
"product": {
"name": "expat-2.1.0-20.2.ppc64le",
"product_id": "expat-2.1.0-20.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-20.2.ppc64le",
"product": {
"name": "libexpat1-2.1.0-20.2.ppc64le",
"product_id": "libexpat1-2.1.0-20.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-20.2.s390x",
"product": {
"name": "libexpat-devel-2.1.0-20.2.s390x",
"product_id": "libexpat-devel-2.1.0-20.2.s390x"
}
},
{
"category": "product_version",
"name": "expat-2.1.0-20.2.s390x",
"product": {
"name": "expat-2.1.0-20.2.s390x",
"product_id": "expat-2.1.0-20.2.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-20.2.s390x",
"product": {
"name": "libexpat1-2.1.0-20.2.s390x",
"product_id": "libexpat1-2.1.0-20.2.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.1.0-20.2.s390x",
"product": {
"name": "libexpat1-32bit-2.1.0-20.2.s390x",
"product_id": "libexpat1-32bit-2.1.0-20.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-20.2.x86_64",
"product": {
"name": "expat-2.1.0-20.2.x86_64",
"product_id": "expat-2.1.0-20.2.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-20.2.x86_64",
"product": {
"name": "libexpat1-2.1.0-20.2.x86_64",
"product_id": "libexpat1-2.1.0-20.2.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.1.0-20.2.x86_64",
"product": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64",
"product_id": "libexpat1-32bit-2.1.0-20.2.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-20.2.x86_64",
"product": {
"name": "libexpat-devel-2.1.0-20.2.x86_64",
"product_id": "libexpat-devel-2.1.0-20.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64"
},
"product_reference": "expat-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64"
},
"product_reference": "libexpat1-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat-devel-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x"
},
"product_reference": "libexpat-devel-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat-devel-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64"
},
"product_reference": "libexpat-devel-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat-devel-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x"
},
"product_reference": "libexpat-devel-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat-devel-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le"
},
"product_reference": "expat-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x"
},
"product_reference": "expat-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat1-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le"
},
"product_reference": "expat-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x"
},
"product_reference": "expat-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat1-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64"
},
"product_reference": "expat-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le"
},
"product_reference": "expat-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x"
},
"product_reference": "expat-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64"
},
"product_reference": "libexpat1-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat1-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64"
},
"product_reference": "expat-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le"
},
"product_reference": "expat-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x"
},
"product_reference": "expat-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64"
},
"product_reference": "expat-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64"
},
"product_reference": "libexpat1-2.1.0-20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le"
},
"product_reference": "libexpat1-2.1.0-20.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6702"
}
],
"notes": [
{
"category": "general",
"text": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6702",
"url": "https://www.suse.com/security/cve/CVE-2012-6702"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-08T12:07:52Z",
"details": "moderate"
}
],
"title": "CVE-2012-6702"
},
{
"cve": "CVE-2016-5300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5300"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5300",
"url": "https://www.suse.com/security/cve/CVE-2016-5300"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2016-5300",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:expat-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libexpat1-32bit-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libexpat-devel-2.1.0-20.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libexpat-devel-2.1.0-20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-08T12:07:52Z",
"details": "important"
}
],
"title": "CVE-2016-5300"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…