CVE-2018-20843

Priority
Description
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML parser consume a high
amount of RAM and CPU resources while processing (enough to be usable for
denial-of-service attacks).
Ubuntu-Description
It was discovered that the expat library in XXX-PACKAGE-NAME-HERE-XXX
incorrectly handled certain XML files. An attacker could possibly use this
issue to cause a denial of service.
Notes
mdeslaurxmlparse.c doesn't appear to be built in the firefox package
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):ignored (code-not-compiled)
Ubuntu 20.10 (Groovy Gorilla):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored (code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (code-not-compiled)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):ignored (code-not-compiled)
Ubuntu 20.10 (Groovy Gorilla):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Source: ayttm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Source: cmake (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):ignored (code-not-compiled)
Ubuntu 20.10 (Groovy Gorilla):ignored (code-not-compiled)
Package
Source: coin3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):needed
Package
Source: expat (LP Ubuntu Debian)
Upstream:released (2.2.6-2)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.0.1-7.2ubuntu1.6)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.1.0-4ubuntu1.4+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.1.0-7ubuntu0.16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.2.5-3ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa):released (2.2.6-2)
Ubuntu 20.10 (Groovy Gorilla):released (2.2.6-2)
Patches:
Upstream:https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):ignored (code-not-compiled)
Ubuntu 20.10 (Groovy Gorilla):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Source: poco (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Source: smart (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Source: tdom (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa):ignored (code-not-compiled)
Ubuntu 20.10 (Groovy Gorilla):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Package
Source: vnc4 (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Source: vtk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system expat)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Source: xotcl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-07-30 14:14:32 UTC (commit 0456c99565c2579b090816bc657579e246545c32)