[Bug 1048835] Re: [Quantal] xmlrpc-c is vulnerable to CVE-2012-0876 and CVE-2012-1148

[Launchpad Bug Tracker]

This bug was fixed in the package xmlrpc-c - 1.16.33-3.1ubuntu6

---------------
xmlrpc-c (1.16.33-3.1ubuntu6) quantal; urgency=low

  * Run the tests as part of the build process
    - debian/patches/FTBFS-tests.patch: Fix issues when running make check.
      Based on upstream patches.
    - debian/rules: Run make check after building
  * Fix dependencies of xmlrpc-api-utils
    - debian/control: xml-rcp-api2cpp needs libxmlrpc_cpp.so.4, so depend on
      libxmlrpc-c++4
  * SECURITY UPDATE: Denial of service via hash collisions (LP: #1048835)
    - debian/patches/CVE-2012-0876.patch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak (LP: #1048835)
    - debian/patches/CVE-2012-1148.patch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <tyhicks at canonical.com>   Mon, 10 Sep 2012 14:57:29 -0700

** Changed in: xmlrpc-c (Ubuntu Quantal)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to xmlrpc-c in Ubuntu.
https://bugs.launchpad.net/bugs/1048835

Title:
  [Quantal] xmlrpc-c is vulnerable to CVE-2012-0876 and CVE-2012-1148

Status in “xmlrpc-c” package in Ubuntu:
  Fix Released
Status in “xmlrpc-c” source package in Quantal:
  Fix Released

Bug description:
  XML-RPC for C and C++ could be made to cause a denial of service by
  consuming excessive CPU and memory resources.

  Here is the USN for the stable releases:

  http://www.ubuntu.com/usn/usn-1527-2/

  and the security team CVE tracker links:

  http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0876
  http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1148

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmlrpc-c/+bug/1048835/+subscriptions