Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
140c5c41e74ea3c15e65121e0032d6722516e2191125272a7af63151aff85e5d
Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
cfec0d0baa4a36e1ae04f7f639de9cf2a3c468c972d456d4bc85ac32ebd1efec
Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.
5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221a
Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800
Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.
92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509
Gentoo Linux Security Advisory 201701-21 - Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Versions less than 2.2.0-r1 are affected.
73f628f33cf75bb2a7b04cf0934d009261b4c570e6e337d0bca9e29b8d571fd1
Slackware Security Advisory - New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
3f42b6748e4fdf951b8600bc91953ddc4d04d534c6123c52abbc0f3cb1d32c92
Red Hat Security Advisory 2016-2824-01 - Expat is a C library for parsing XML documents. Security Fix: An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
15b1cfacba0f19d15530badb193026d093d7c0ccf480c95cbe80f7be4e28cad7
Ubuntu Security Notice 3044-1 - Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. Various other issues were also addressed.
107aea46d43767c24d152b35ee26b6d29d2d088ed48f4b1e3d272428623578a4
Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.
a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7d
Ubuntu Security Notice 3013-1 - It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6aa1759ea4a56ff06cbcd1346041c06eac65ab5a67eb809302bc6274df1d8247
Ubuntu Security Notice 2983-1 - Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.
4eeeb7ba793af60fa54b7a31bac089e6d2f970324f6e28dde272f727e5b36a32
Debian Linux Security Advisory 3582-1 - Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
2d59b734305bab95e5db0032d8269c83f14993b9f5fd822d355bce54bd326412