First published: Thu Jun 16 2016(Updated: )
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Credit: meissner@suse.de security@opentext.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libexpat Project Libexpat | <2.2.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.10 | |
Canonical Ubuntu Linux | =16.04 | |
Debian Debian Linux | =8.0 | |
Google Android | =4.4.4 | |
Google Android | =5.0.2 | |
Google Android | =5.1.1 | |
Google Android | =6.0 | |
Google Android | =6.0.1 | |
Google Android | ||
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1 2.5.0-1+deb12u1 2.6.3-1 2.6.3-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-6702 is a vulnerability in Expat that allows context-dependent attackers to defeat cryptographic protection mechanisms.
Google Android, Canonical Ubuntu Linux, Debian Debian Linux, and the Libexpat Project's Libexpat are affected by CVE-2012-6702.
CVE-2012-6702 has a severity rating of medium with a CVSS score of 5.9.
To fix CVE-2012-6702 on Debian, update the 'expat' package to version 2.2.0 or higher.
You can find more information about CVE-2012-6702 on the MITRE CVE database, OSS Security mailing list, and Ubuntu's security notices.