CMake vulnerabilities

2010-04-1500:00:00

ubuntu.com

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.1%

JSON

Releases

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04

Packages

cmake -

Details

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for CMake.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchcmake< 2.6.2-1ubuntu1.1UNKNOWN
Ubuntu9.04noarchcmake-gui< 2.6.2-1ubuntu1.1UNKNOWN
Ubuntu8.10noarchcmake< 2.6.0-4ubuntu2.1UNKNOWN
Ubuntu8.10noarchcmake-gui< 2.6.0-4ubuntu2.1UNKNOWN
Ubuntu8.04noarchcmake< 2.4.7-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.04	noarch	cmake	< 2.6.2-1ubuntu1.1	UNKNOWN
Ubuntu	9.04	noarch	cmake-gui	< 2.6.2-1ubuntu1.1	UNKNOWN
Ubuntu	8.10	noarch	cmake	< 2.6.0-4ubuntu2.1	UNKNOWN
Ubuntu	8.10	noarch	cmake-gui	< 2.6.0-4ubuntu2.1	UNKNOWN
Ubuntu	8.04	noarch	cmake	< 2.4.7-1ubuntu0.1	UNKNOWN