USN-3013-1: XML-RPC for C and C++ vulnerabilities
USN-3013-1: XML-RPC for C and C++ vulnerabilities Ubuntu Security Notice USN-3013-1 20th June, 2016 xmlrpc-c vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in XML-RPC for C and C++. Software description xmlrpc-c – Lightweight RPC library based on XML and HTTP Details It was discovered that the Expat code in XML-RPC for C and C++ unexpectedlycalled srand in certain circumstances. This could reduce the security ofcalling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectlyhandled seeding the random number generator. A remote attacker couldpossibly use this issue to cause a denial of service. (CVE-2016-5300) Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++incorrectly handled malformed XML data. If a user or application linkedagainst XML-RPC for C [ more… ]
