Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libexpat | Libexpat_project | * | 2.2.0 (excluding) |
| Audacity | Ubuntu | kinetic | * |
| Audacity | Ubuntu | lunar | * |
| Audacity | Ubuntu | mantic | * |
| Ayttm | Ubuntu | precise | * |
| Ayttm | Ubuntu | wily | * |
| Ayttm | Ubuntu | yakkety | * |
| Cableswig | Ubuntu | precise | * |
| Cableswig | Ubuntu | wily | * |
| Cadaver | Ubuntu | artful | * |
| Cadaver | Ubuntu | precise | * |
| Cadaver | Ubuntu | wily | * |
| Cadaver | Ubuntu | yakkety | * |
| Cadaver | Ubuntu | zesty | * |
| Coin3 | Ubuntu | artful | * |
| Coin3 | Ubuntu | precise | * |
| Coin3 | Ubuntu | wily | * |
| Coin3 | Ubuntu | yakkety | * |
| Coin3 | Ubuntu | zesty | * |
| Expat | Ubuntu | esm-infra-legacy/trusty | * |
| Expat | Ubuntu | esm-infra/xenial | * |
| Expat | Ubuntu | precise | * |
| Expat | Ubuntu | trusty | * |
| Expat | Ubuntu | trusty/esm | * |
| Expat | Ubuntu | upstream | * |
| Expat | Ubuntu | vivid/stable-phone-overlay | * |
| Expat | Ubuntu | vivid/ubuntu-core | * |
| Expat | Ubuntu | wily | * |
| Expat | Ubuntu | xenial | * |
| Insighttoolkit | Ubuntu | esm-apps/xenial | * |
| Insighttoolkit | Ubuntu | precise | * |
| Insighttoolkit | Ubuntu | trusty | * |
| Insighttoolkit | Ubuntu | wily | * |
| Insighttoolkit | Ubuntu | xenial | * |
| Kompozer | Ubuntu | precise | * |
| Libparagui1.1 | Ubuntu | precise | * |
| Libxmltok | Ubuntu | hirsute | * |
| Libxmltok | Ubuntu | trusty | * |
| Libxmltok | Ubuntu | xenial | * |
| Matanza | Ubuntu | artful | * |
| Matanza | Ubuntu | precise | * |
| Matanza | Ubuntu | wily | * |
| Matanza | Ubuntu | yakkety | * |
| Matanza | Ubuntu | zesty | * |
| Paraview | Ubuntu | plucky | * |
| Simgear | Ubuntu | precise | * |
| Sitecopy | Ubuntu | artful | * |
| Sitecopy | Ubuntu | oracular | * |
| Sitecopy | Ubuntu | plucky | * |
| Sitecopy | Ubuntu | precise | * |
| Sitecopy | Ubuntu | wily | * |
| Sitecopy | Ubuntu | yakkety | * |
| Sitecopy | Ubuntu | zesty | * |
| Swish-e | Ubuntu | artful | * |
| Swish-e | Ubuntu | precise | * |
| Swish-e | Ubuntu | wily | * |
| Swish-e | Ubuntu | yakkety | * |
| Swish-e | Ubuntu | zesty | * |
| Tdom | Ubuntu | artful | * |
| Tdom | Ubuntu | precise | * |
| Tdom | Ubuntu | wily | * |
| Tdom | Ubuntu | yakkety | * |
| Tdom | Ubuntu | zesty | * |
| Tla | Ubuntu | precise | * |
| Tla | Ubuntu | wily | * |
| Tla | Ubuntu | yakkety | * |
| Tla | Ubuntu | zesty | * |
| Vnc4 | Ubuntu | artful | * |
| Vnc4 | Ubuntu | bionic | * |
| Vnc4 | Ubuntu | cosmic | * |
| Vnc4 | Ubuntu | disco | * |
| Vnc4 | Ubuntu | eoan | * |
| Vnc4 | Ubuntu | esm-apps/bionic | * |
| Vnc4 | Ubuntu | esm-apps/xenial | * |
| Vnc4 | Ubuntu | esm-infra-legacy/trusty | * |
| Vnc4 | Ubuntu | precise | * |
| Vnc4 | Ubuntu | trusty | * |
| Vnc4 | Ubuntu | trusty/esm | * |
| Vnc4 | Ubuntu | upstream | * |
| Vnc4 | Ubuntu | wily | * |
| Vnc4 | Ubuntu | xenial | * |
| Vnc4 | Ubuntu | yakkety | * |
| Vnc4 | Ubuntu | zesty | * |
| Vtk | Ubuntu | precise | * |
| Vtk | Ubuntu | wily | * |
| Wbxml2 | Ubuntu | artful | * |
| Wbxml2 | Ubuntu | precise | * |
| Wbxml2 | Ubuntu | wily | * |
| Wbxml2 | Ubuntu | yakkety | * |
| Wbxml2 | Ubuntu | zesty | * |
| Wxwidgets2.6 | Ubuntu | precise | * |
| Wxwidgets2.8 | Ubuntu | precise | * |
| Wxwidgets2.8 | Ubuntu | wily | * |
| Xmlrpc-c | Ubuntu | artful | * |
| Xmlrpc-c | Ubuntu | bionic | * |
| Xmlrpc-c | Ubuntu | cosmic | * |
| Xmlrpc-c | Ubuntu | devel | * |
| Xmlrpc-c | Ubuntu | disco | * |
| Xmlrpc-c | Ubuntu | eoan | * |
| Xmlrpc-c | Ubuntu | esm-apps/bionic | * |
| Xmlrpc-c | Ubuntu | esm-apps/focal | * |
| Xmlrpc-c | Ubuntu | esm-apps/jammy | * |
| Xmlrpc-c | Ubuntu | esm-apps/noble | * |
| Xmlrpc-c | Ubuntu | esm-apps/xenial | * |
| Xmlrpc-c | Ubuntu | esm-infra-legacy/trusty | * |
| Xmlrpc-c | Ubuntu | focal | * |
| Xmlrpc-c | Ubuntu | groovy | * |
| Xmlrpc-c | Ubuntu | hirsute | * |
| Xmlrpc-c | Ubuntu | impish | * |
| Xmlrpc-c | Ubuntu | jammy | * |
| Xmlrpc-c | Ubuntu | kinetic | * |
| Xmlrpc-c | Ubuntu | lunar | * |
| Xmlrpc-c | Ubuntu | mantic | * |
| Xmlrpc-c | Ubuntu | noble | * |
| Xmlrpc-c | Ubuntu | oracular | * |
| Xmlrpc-c | Ubuntu | plucky | * |
| Xmlrpc-c | Ubuntu | precise | * |
| Xmlrpc-c | Ubuntu | questing | * |
| Xmlrpc-c | Ubuntu | trusty | * |
| Xmlrpc-c | Ubuntu | trusty/esm | * |
| Xmlrpc-c | Ubuntu | wily | * |
| Xmlrpc-c | Ubuntu | xenial | * |
| Xmlrpc-c | Ubuntu | yakkety | * |
| Xmlrpc-c | Ubuntu | zesty | * |
| Xotcl | Ubuntu | artful | * |
| Xotcl | Ubuntu | precise | * |
| Xotcl | Ubuntu | wily | * |
| Xotcl | Ubuntu | yakkety | * |
| Xotcl | Ubuntu | zesty | * |
References
- http://www.debian.org/security/2016/dsa-3597
- http://www.openwall.com/lists/oss-security/2016/06/03/8
- http://www.openwall.com/lists/oss-security/2016/06/04/1
- http://www.securityfocus.com/bid/91483
- http://www.ubuntu.com/usn/USN-3010-1
- https://security.gentoo.org/glsa/201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
- http://www.debian.org/security/2016/dsa-3597
- http://www.openwall.com/lists/oss-security/2016/06/03/8
- http://www.openwall.com/lists/oss-security/2016/06/04/1
- http://www.securityfocus.com/bid/91483
- http://www.ubuntu.com/usn/USN-3010-1
- https://security.gentoo.org/glsa/201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20