What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-1527-2.

What software is affected by the vulnerabilities?

The vulnerabilities affect XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS.

What is the severity of the vulnerabilities?

The severity of the vulnerabilities is not specified in the advisory.

How can I fix the vulnerabilities?

To fix the vulnerabilities, update the affected software to the specified versions: libxmlrpc-core-c3 1.16.33-3.1ubuntu5.1 for Ubuntu 12.04 LTS, libxmlrpc-core-c3-0 1.16.32-0ubuntu4.1 for Ubuntu 11.10, libxmlrpc-core-c3-0 1.16.32-0ubuntu3.1 for Ubuntu 11.04, and libxmlrpc-core-c3 1.06.27-1ubuntu7.1 for Ubuntu 10.04.

Where can I find more information about the vulnerabilities?

You can find more information about the vulnerabilities in the original advisory: [USN-1527-1](https://ubuntu.com/security/notices/USN-1527-1).

Vulnerability/
USN-1527-2

10/9/2012

USN-1527-2: XML-RPC for C and C++ vulnerabilities

First published: Mon Sep 10 2012(Updated: )

USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. Original advisory details: It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)

Affected Software	Affected Version	How to fix
All of
ubuntu/libxmlrpc-core-c3	<1.16.33-3.1ubuntu5.1	1.16.33-3.1ubuntu5.1
Ubuntu Ubuntu	=12.04
All of
ubuntu/libxmlrpc-core-c3-0	<1.16.32-0ubuntu4.1	1.16.32-0ubuntu4.1
Ubuntu Ubuntu	=11.10
All of
ubuntu/libxmlrpc-core-c3-0	<1.16.32-0ubuntu3.1	1.16.32-0ubuntu3.1
Ubuntu Ubuntu	=11.04
All of
ubuntu/libxmlrpc-core-c3	<1.06.27-1ubuntu7.1	1.06.27-1ubuntu7.1
Ubuntu Ubuntu	=10.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-1527-2.
What software is affected by the vulnerabilities?
The vulnerabilities affect XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS.
What is the severity of the vulnerabilities?
The severity of the vulnerabilities is not specified in the advisory.
How can I fix the vulnerabilities?
To fix the vulnerabilities, update the affected software to the specified versions: libxmlrpc-core-c3 1.16.33-3.1ubuntu5.1 for Ubuntu 12.04 LTS, libxmlrpc-core-c3-0 1.16.32-0ubuntu4.1 for Ubuntu 11.10, libxmlrpc-core-c3-0 1.16.32-0ubuntu3.1 for Ubuntu 11.04, and libxmlrpc-core-c3 1.06.27-1ubuntu7.1 for Ubuntu 10.04.
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities in the original advisory: [USN-1527-1](https://ubuntu.com/security/notices/USN-1527-1).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-1527-1
anchor-related/USN-1613-1
anchor-related/USN-1613-2
anchor-related/USN-5455-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/12.04
version/ubuntu ubuntu/11.10
version/ubuntu ubuntu/11.04
version/ubuntu ubuntu/10.04