CVE-2012-1148 in Ubuntu

CVE-2012-1148

Priority

Description

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat
before 2.1.0 allows context-dependent attackers to cause a denial of
service (memory consumption) via a large number of crafted XML files that
cause improperly-handled reallocation failures when expanding entities.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
http://mail.python.org/pipermail/expat-bugs/2010-February/002870.html
http://www.openwall.com/lists/oss-security/2012/03/09/1
https://ubuntu.com/security/notices/USN-1527-1
https://ubuntu.com/security/notices/USN-1527-2
https://ubuntu.com/security/notices/USN-1613-1
https://ubuntu.com/security/notices/USN-1613-2

Bugs

http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127
https://bugzilla.redhat.com/show_bug.cgi?id=801648

Notes

ebarretto

tla uses system expat as of 1.3.5+dfsg-15

Package

Source: apache2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	not-affected (code-not-compiled)
Ubuntu 21.10:	not-affected (code-not-compiled)
Ubuntu 16.04 ESM:	not-affected (code-not-compiled)
Ubuntu 22.04 LTS:	not-affected (code-not-compiled)
Ubuntu 22.10:	not-affected (code-not-compiled)
Ubuntu 14.04 ESM:	not-affected (code-not-compiled)

Patches:

Package

Source: apr-util (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	not-affected (code-not-compiled)
Ubuntu 21.10:	not-affected (code-not-compiled)
Ubuntu 16.04 ESM:	not-affected (code-not-compiled)
Ubuntu 22.04 LTS:	not-affected (code-not-compiled)
Ubuntu 22.10:	not-affected (code-not-compiled)
Ubuntu 14.04 ESM:	not-affected (code-not-compiled)

Patches:

Package

Source: audacity (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [uses system expat])

Patches:

Package

Source: ayttm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: cableswig (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: cadaver (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	needed
Ubuntu 21.10:	needed
Ubuntu 22.04 LTS:	needed
Ubuntu 22.10:	needed
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: celementtree (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: cmake (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	not-affected (code-not-compiled)
Ubuntu 21.10:	not-affected (code-not-compiled)
Ubuntu 16.04 ESM:	not-affected (code-not-compiled)
Ubuntu 22.04 LTS:	not-affected (code-not-compiled)
Ubuntu 22.10:	not-affected (code-not-compiled)
Ubuntu 14.04 ESM:	DNE (trusty was ignored [code-not-compiled])

Patches:

Package

Source: coin3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	not-affected
Ubuntu 21.10:	not-affected
Ubuntu 22.04 LTS:	not-affected
Ubuntu 22.10:	not-affected
Ubuntu 14.04 ESM:	needed

Patches:

Package

Source: expat (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (2.1.0-1)
Ubuntu 20.04 LTS:	not-affected (2.1.0-1)
Ubuntu 21.10:	not-affected (2.1.0-1)
Ubuntu 16.04 ESM:	not-affected (2.1.0-1)
Ubuntu 22.04 LTS:	not-affected (2.1.0-1)
Ubuntu 22.10:	not-affected (2.1.0-1)
Ubuntu 14.04 ESM:	not-affected (2.1.0-1)

Patches:

Upstream:

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167

Package

Source: gdcm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	not-affected (uses system expat)

Patches:

Package

Source: ghostscript (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	not-affected (code-not-compiled)
Ubuntu 21.10:	not-affected (code-not-compiled)
Ubuntu 16.04 ESM:	not-affected (code-not-compiled)
Ubuntu 22.04 LTS:	not-affected (code-not-compiled)
Ubuntu 22.10:	not-affected (code-not-compiled)
Ubuntu 14.04 ESM:	DNE (trusty was ignored [code-not-compiled])

Patches:

Package

Source: grmonitor (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: insighttoolkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: kompozer (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: libparagui1.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: libxmltok (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	needed
Ubuntu 21.10:	needed
Ubuntu 22.04 LTS:	needed

Patches:

Package

Source: matanza (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	needed
Ubuntu 21.10:	needed
Ubuntu 22.04 LTS:	needed
Ubuntu 22.10:	needed
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: paraview (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [uses system expat])

Patches:

Package

Source: poco (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	not-affected (uses system expat)

Patches:

Package

Source: python-xml (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: python2.4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: python2.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: python2.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: simgear (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [uses system expat])

Patches:

Package

Source: sitecopy (LP Ubuntu Debian)

Upstream:	not-affected (uses system expat)
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: smart (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [code-not-compiled])

Patches:

Package

Source: swish-e (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	needed
Ubuntu 21.10:	needed
Ubuntu 22.04 LTS:	needed
Ubuntu 22.10:	needed
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: tdom (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected
Ubuntu 20.04 LTS:	not-affected
Ubuntu 21.10:	not-affected
Ubuntu 22.04 LTS:	not-affected
Ubuntu 22.10:	not-affected
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: texlive-bin (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code-not-compiled)
Ubuntu 20.04 LTS:	not-affected (code-not-compiled)
Ubuntu 21.10:	not-affected (code-not-compiled)
Ubuntu 16.04 ESM:	not-affected (code-not-compiled)
Ubuntu 22.04 LTS:	not-affected (code-not-compiled)
Ubuntu 22.10:	not-affected (code-not-compiled)
Ubuntu 14.04 ESM:	DNE (trusty was ignored [code-not-compiled])

Patches:

Package

Source: tla (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (1.3.5+dfsg-15)
Ubuntu 20.04 LTS:	not-affected (1.3.5+dfsg-15)
Ubuntu 21.10:	not-affected (1.3.5+dfsg-15)
Ubuntu 22.04 LTS:	not-affected (1.3.5+dfsg-15)
Ubuntu 22.10:	not-affected (1.3.5+dfsg-15)
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [1.3.5+dfsg-15])

Patches:

Package

Source: vnc4 (LP Ubuntu Debian)

Upstream:	ignored
Ubuntu 18.04 LTS:	ignored
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	ignored

Patches:

Package

Source: vtk (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [uses system expat])

Patches:

Package

Source: w3c-libwww (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: wbxml2 (LP Ubuntu Debian)

Upstream:	not-affected (uses system expat)
Ubuntu 18.04 LTS:	not-affected (uses system expat)
Ubuntu 20.04 LTS:	not-affected (uses system expat)
Ubuntu 21.10:	not-affected (uses system expat)
Ubuntu 22.04 LTS:	not-affected (uses system expat)
Ubuntu 22.10:	not-affected (uses system expat)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: wxwidgets2.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: wxwidgets2.8 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [uses system expat])

Patches:

Package

Source: wxwindows2.4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: xmlrpc-c (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.16.33-3.1ubuntu6)
Ubuntu 20.04 LTS:	released (1.16.33-3.1ubuntu6)
Ubuntu 21.10:	released (1.16.33-3.1ubuntu6)
Ubuntu 22.04 LTS:	released (1.16.33-3.1ubuntu6)
Ubuntu 22.10:	released (1.16.33-3.1ubuntu6)
Ubuntu 14.04 ESM:	released (1.16.33-3.1ubuntu6)

Patches:

Upstream:

http://xmlrpc-c.svn.sourceforge.net/viewvc/xmlrpc-c?view=revision&revision=2393

Package

Source: xotcl (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (1.6.5-1.2)
Ubuntu 20.04 LTS:	not-affected (1.6.5-1.2)
Ubuntu 21.10:	not-affected (1.6.5-1.2)
Ubuntu 22.04 LTS:	not-affected (1.6.5-1.2)
Ubuntu 22.10:	not-affected (1.6.5-1.2)
Ubuntu 14.04 ESM:	DNE (trusty was not-affected [1.6.5-1.2])

Patches:

Package

Source: xulrunner (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 22.10:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-06-10 12:27:45 UTC (commit 3842cb24bd3a60b6ebbb423eeceeb5b054a4e970)