expat-2.2.10-12.el9.2

Errata ID: AXSA:2022-3997:08

Release date: 
Friday, November 4, 2022 - 03:00
Subject: 
expat-2.2.10-12.el9.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.2.10-12.el9.2.src.rpm
    MD5: 2276668e9413169dfe030af5845696c6
    SHA-256: e9159aa354f8d98801076853d781d9fb62fa9c3a2eb91bfbef398bb22052dc24
    Size: 7.92 MB

Asianux Server 9 for x86_64
  1. expat-2.2.10-12.el9.2.x86_64.rpm
    MD5: c9e1653d01121507c1d444bb300c1024
    SHA-256: e518ad2ffb201057247c4c1d436c270ae755943489a93ed629d0c40bfa4fd2af
    Size: 105.30 kB
  2. expat-devel-2.2.10-12.el9.2.x86_64.rpm
    MD5: 52b919e0475b1feeecf3b6646af55793
    SHA-256: a66d664e8349579c5c4a6fe207123f8ff669c179ed0d7b130e2fe6cdd189dd9d
    Size: 48.07 kB
  3. expat-2.2.10-12.el9.2.i686.rpm
    MD5: 91426ffe50979edbffecea427610a74b
    SHA-256: 8ddc116b5190e32f1bd07fea08bdd1c9ff4cf6ee72a679226ef5b0c6ed9217ae
    Size: 107.79 kB
  4. expat-devel-2.2.10-12.el9.2.i686.rpm
    MD5: a21109d559b676360ebcd88e3b892dc2
    SHA-256: 0948e4dd93f4f66d7133341390eeba3a6b48b5bfb88714c817018285a34cc642
    Size: 48.07 kB