-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-60889583ab 2016-06-19 01:30:38.519018 --------------------------------------------------------------------------------
Name : expat Product : Fedora 23 Version : 2.1.1 Release : 2.fc23 URL : http://www.libexpat.org/ Summary : An XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers.
-------------------------------------------------------------------------------- Update Information:
Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1344252 - CVE-2016-4472 expat: Undefined behavior and pointer overflows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1344252 [ 2 ] Bug #1343086 - CVE-2016-5300 expat: Little entropy used for hash initialization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1343086 [ 3 ] Bug #1337116 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1337116 [ 4 ] Bug #1319732 - CVE-2012-6702 expat: Using XML_Parse before rand() results into non-random output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1319732 [ 5 ] Bug #1197087 - XML_Parse breaks rand() function https://bugzilla.redhat.com/show_bug.cgi?id=1197087 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update expat' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------