[arch-security] [ASA-201605-23] lib32-expat: arbitrary code execution
Arch Linux Security Advisory ASA-201605-23
==========================================

Severity: Critical
Date    : 2016-05-18
CVE-ID  : CVE-2015-1283 CVE-2016-0718
Package : lib32-expat
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lib32-expat before version 2.1.1-2 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 2.1.1-2.

# pacman -Syu "lib32-expat>=2.1.1-2"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2015-1283 (arbitrary code execution)

Multiple integer overflows in the XML_GetBuffer function allow remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly arbitrary code execution via crafted XML data.
This problem has already been fixed in version 2.1.0-1 but this update
refreshes the fix to avoid relying on undefined behavior.

- CVE-2016-0718 (arbitrary code execution)

The Expat XML parser mishandles certain kinds of malformed input
documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as
memory corruption during a parse operation. The bugs allow for a denial
of service attack in many applications by an unauthenticated attacker,
and could conceivably result in remote code execution.

Impact
======

A remote attacker is able to use a specially crafted XML file that, when
processed, leads to arbitrary code execution.

References
==========

https://access.redhat.com/security/cve/CVE-2015-1283
https://access.redhat.com/security/cve/CVE-2016-0718
http://seclists.org/oss-sec/2016/q2/360
participants (1)
-
Levente Polyak
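
The CVE-2015-1283 entry above says the refreshed fix avoids relying on undefined behavior. The following C example is added here for illustration and is not code from Expat or from this advisory: it contrasts a size check made after a signed addition with one made before it. All function names are hypothetical, and the doubling growth strategy is an assumption.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helpers, not Expat's code. Each returns the number of bytes
 * needed to hold `keep` buffered bytes plus `len` new bytes, or -1. */

/* Fragile: adds first, then tests for a negative result. Signed overflow is
 * undefined behaviour in C, so a compiler may assume it cannot happen and
 * remove the `needed < 0` test entirely. */
int needed_size_fragile(int len, int keep)
{
    if (len < 0 || keep < 0)
        return -1;
    int needed = len + keep;      /* UB when len + keep > INT_MAX */
    if (needed < 0)
        return -1;
    return needed;
}

/* Well-defined: rejects the request before the addition can overflow. */
int needed_size_checked(int len, int keep)
{
    if (len < 0 || keep < 0)
        return -1;
    if (len > INT_MAX - keep)     /* sum would exceed INT_MAX */
        return -1;
    return len + keep;
}

/* Assumed growth strategy: double `cap` until it covers `needed`,
 * returning -1 instead of letting the multiplication wrap. */
int grow_capacity(int cap, int needed)
{
    if (cap <= 0 || needed < 0)
        return -1;
    while (cap < needed) {
        if (cap > INT_MAX / 2)    /* next doubling would overflow */
            return -1;
        cap *= 2;
    }
    return cap;
}

int main(void)
{
    /* Constructed inputs; the fragile variant is only called where no
     * overflow occurs, because overflowing it is undefined. */
    printf("fragile(100, 28)     = %d\n", needed_size_fragile(100, 28));
    printf("checked(INT_MAX, 1)  = %d\n", needed_size_checked(INT_MAX, 1));
    printf("grow(1024, 5000)     = %d\n", grow_capacity(1024, 5000));
    return 0;
}
```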