- Vulnerability/
- USN-2983-1
USN-2983-1: Expat vulnerability
First published: Wed May 18 2016(Updated: )
Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/lib64expat1 | <2.1.0-7ubuntu0.16.04.1 | 2.1.0-7ubuntu0.16.04.1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libexpat1 | <2.1.0-7ubuntu0.16.04.1 | 2.1.0-7ubuntu0.16.04.1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/lib64expat1 | <2.1.0-7ubuntu0.15.10.1 | 2.1.0-7ubuntu0.15.10.1 |
| Ubuntu Ubuntu | =15.10 | |
| All of | ||
| ubuntu/libexpat1 | <2.1.0-7ubuntu0.15.10.1 | 2.1.0-7ubuntu0.15.10.1 |
| Ubuntu Ubuntu | =15.10 | |
| All of | ||
| ubuntu/lib64expat1 | <2.1.0-4ubuntu1.2 | 2.1.0-4ubuntu1.2 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libexpat1 | <2.1.0-4ubuntu1.2 | 2.1.0-4ubuntu1.2 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/lib64expat1 | <2.0.1-7.2ubuntu1.3 | 2.0.1-7.2ubuntu1.3 |
| Ubuntu Ubuntu | =12.04 | |
| All of | ||
| ubuntu/libexpat1 | <2.0.1-7.2ubuntu1.3 | 2.0.1-7.2ubuntu1.3 |
| Ubuntu Ubuntu | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-0718
- https://ubuntu.com/security/notices/USN-3013-1
- https://ubuntu.com/security/notices/USN-3044-1
- https://ubuntu.com/security/notices/USN-5455-1
- https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.1
- https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.1
- https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.2
- https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.3
- https://ubuntu.com/security/notices/USN-2983-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for the Expat vulnerability?
The vulnerability ID for the Expat vulnerability is CVE-2016-0718.
What is the affected software for the Expat vulnerability?
The affected software for the Expat vulnerability includes lib64expat1 and libexpat1 packages on Ubuntu 12.04, 14.04, 15.10, and 16.04.
What is the severity of the Expat vulnerability?
The severity of the Expat vulnerability is not mentioned in the provided information.
How can an attacker exploit the Expat vulnerability?
If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service or possibly execute arbitrary code.
How do I fix the Expat vulnerability?
To fix the Expat vulnerability, update the lib64expat1 and libexpat1 packages to version 2.1.0-7ubuntu0.16.04.1 (or the appropriate version for your Ubuntu release).
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/references
- agent/description
- collector/usn
- source/Ubuntu
- anchor-related/USN-3013-1
- anchor-related/USN-3044-1
- anchor-related/USN-5455-1
- agent/software-canonical-lookup
- agent/event
- agent/softwarecombine
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/15.10
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04