expat-2.2.5-8.el8.2
エラータID: AXSA:2022-3677:05
Release date:
Monday, August 15, 2022 - 12:28
Subject:
expat-2.2.5-8.el8.2
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Solution:
Update packages.
CVEs:
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Additional Info:
N/A
Download:
SRPMS
- expat-2.2.5-8.el8.2.src.rpm
MD5: e38208d460030e4e83d19ac43db7766a
SHA-256: 4fe50daff01066ebaa5f64b45cb1a398e300ae006d91026a7b2542203abfebd8
Size: 7.93 MB
Asianux Server 8 for x86_64
- expat-2.2.5-8.el8.2.x86_64.rpm
MD5: 1d985f5547e3ee21c8cafcd68fcc5118
SHA-256: 0585bf5414c8fb736c5670fb5f242314d109aaf5cd96aa2fbf8a32ca2f3ba30c
Size: 112.26 kB - expat-devel-2.2.5-8.el8.2.x86_64.rpm
MD5: 594f75b5c72f4f302ea92e91c0f8c4a7
SHA-256: ef16347bde0dbc0ffed19831418ad50e484875abd13f7dec7af49460f0a8aa56
Size: 56.03 kB - expat-2.2.5-8.el8.2.i686.rpm
MD5: e36c4376b3b235f8c5c1acc114f253ce
SHA-256: d7a16efafa1657ac91cff578b278bbc7fd11203e4ae0c37b1c72b60efb0357a4
Size: 111.97 kB - expat-devel-2.2.5-8.el8.2.i686.rpm
MD5: 9c6f32660d20bd4f5d999eda7e74b0eb
SHA-256: 2d0fb0b3c5e1c50addb3d89040f7e83f442e70972638407dc4aec66df96fbc53
Size: 56.05 kB
日本語