CVE-2012-0876

Priority
Description
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values
without restricting the ability to trigger hash collisions predictably,
which allows context-dependent attackers to cause a denial of service (CPU
consumption) via an XML file with many identifiers with the same value.
Notes
jdstrandRedHat issued https://rhn.redhat.com/errata/RHBA-2012-1250.html for
python as a result of the added XML_SetHashSalt symbol
ebarrettotla uses system expat as of 1.3.5+dfsg-15
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: ayttm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Source: cmake (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Source: coin3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Source: expat (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.0.1-7.2ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (2.1.0-1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.1.0-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.1.0-1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.1.0-1)
Ubuntu 19.10 (Eoan):not-affected (2.1.0-1)
Patches:
Upstream:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/expat.h?r1=1.80&r2=1.81
Upstream:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.167&r2=1.168
Upstream:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.168&r2=1.169
Upstream:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.169&r2=1.170
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: poco (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: smart (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: tdom (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Source: tla (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1.3.5+dfsg-15])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.3.5+dfsg-15)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5+dfsg-15)
Ubuntu 19.04 (Disco Dingo):not-affected (1.3.5+dfsg-15)
Ubuntu 19.10 (Eoan):not-affected (1.3.5+dfsg-15)
Package
Source: vnc4 (LP Ubuntu Debian)
Upstream:ignored
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.04 (Disco Dingo):ignored
Ubuntu 19.10 (Eoan):ignored
Package
Source: vtk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1.16.33-3.1ubuntu5.1])
Ubuntu 14.04 ESM (Trusty Tahr):released ([1.16.33-3.1ubuntu6])
Ubuntu 16.04 LTS (Xenial Xerus):released (1.16.33-3.1ubuntu6)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.16.33-3.1ubuntu6)
Ubuntu 19.04 (Disco Dingo):released (1.16.33-3.1ubuntu6)
Ubuntu 19.10 (Eoan):released (1.16.33-3.1ubuntu6)
Patches:
Upstream:http://xmlrpc-c.svn.sourceforge.net/viewvc/xmlrpc-c?view=revision&revision=2391
Package
Source: xotcl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-10-09 06:14:29 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)