The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of expat: unsuitable use of pseudo random number generator

Synthesis of the vulnerability 

The change that aimed to fix VIGILANCE-VUL-11420 introduced a wrong initialisation of the pseudo random number generator.
Vulnerable software: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes by IBM, openSUSE Leap, Slackware, Nessus, Ubuntu.
Severity of this announcement: 2/4.
Creation date: 08/06/2016.
References of this computer vulnerability: 1990421, 1990658, CERTFR-2018-AVI-288, CVE-2012-6702, DLA-508-1, DSA-3597-1, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, K65460334, openSUSE-SU-2017:0483-1, SSA:2016-359-01, TNS-2018-08, USN-3010-1, USN-3013-1, VIGILANCE-VUL-19837.

Description of the vulnerability 

The change that aimed to fix VIGILANCE-VUL-11420 introduced a wrong initialisation of the pseudo random number generator.

This cybersecurity bulletin impacts software or systems such as Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes by IBM, openSUSE Leap, Slackware, Nessus, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is medium.

The trust level is of type "confirmed by the editor", with an origin of "document".

An attacker with an expert ability can exploit this computer vulnerability.

Solutions for this threat 

Android OS: patch 2016-11-05.
A patch is indicated in information sources.

Debian: new expat packages.
New packages are available:
  Debian 8: expat 2.1.0-6+deb8u3
  Debian 7: expat 2.1.0-1+deb7u4

F5 BIG-IP: fixed versions for Expat.
Fixed versions are indicated in information sources.

Fedora: new expat packages.
New packages are available:
  Fedora 22: expat 2.1.1-2.fc22
  Fedora 23: expat 2.1.1-2.fc23
  Fedora 24: expat 2.1.1-2.fc24

IBM Notes: patch for expat.
A patch is indicated in information sources.

Nessus: version 7.1.1.
The version 7.1.1 is fixed:
  https://www.tenable.com/downloads/nessus

openSUSE Leap: new expat packages.
New packages are available:
  openSUSE Leap 42.1: expat 2.1.0-20.1
  openSUSE Leap 42.2: expat 2.1.0-19.1

Slackware: new expat packages.
New packages are available:
  Slackware 13.0: expat 2.2.0-*-1_slack13.0
  Slackware 13.1: expat 2.2.0-*-1_slack13.1
  Slackware 13.37: expat 2.2.0-*-1_slack13.37
  Slackware 14.0: expat 2.2.0-*-1_slack14.0
  Slackware 14.1: expat 2.2.0-*-1_slack14.1
  Slackware 14.2: expat 2.2.0-*-1_slack14.2

Ubuntu: new expat packages.
New packages are available:
  Ubuntu 16.04 LTS: libexpat1 2.1.0-7ubuntu0.16.04.2
  Ubuntu 15.10: libexpat1 2.1.0-7ubuntu0.15.10.2
  Ubuntu 14.04 LTS: libexpat1 2.1.0-4ubuntu1.3
  Ubuntu 12.04 LTS: libexpat1 2.0.1-7.2ubuntu1.4

Ubuntu: new xmlrpc-c packages.
New packages are available:
  Ubuntu 12.04 LTS: libxmlrpc-c++4 1.16.33-3.1ubuntu5.2, libxmlrpc-core-c3 1.16.33-3.1ubuntu5.2