expat-2.4.9-1.el9.1

エラータID: AXSA:2023-4968:02

Release date: 
Monday, February 6, 2023 - 04:17
Subject: 
expat-2.4.9-1.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.4.9-1.el9.1.src.rpm
    MD5: 171579f70ec635005083d64192f631ff
    SHA-256: b9d9fa1d44f37e21fe1aaf383d0e506ee39d698c5e27b5347fe54c4b78a8f11d
    Size: 7.95 MB

Asianux Server 9 for x86_64
  1. expat-2.4.9-1.el9.1.x86_64.rpm
    MD5: a33762240df308e126ca189a3cd87cf4
    SHA-256: cadff565686ee25be89c8a7924ccbfdd3cd9fdddf663ea07653786f2ee78a1f9
    Size: 115.74 kB
  2. expat-devel-2.4.9-1.el9.1.x86_64.rpm
    MD5: dec2ef250a15b240f24388cb24f45c44
    SHA-256: 72a855420a713f54e03b70504120990ff8ef703769fb1f55c5670e7958391226
    Size: 52.98 kB
  3. expat-2.4.9-1.el9.1.i686.rpm
    MD5: d0331e9a75a777bfda5616988225af79
    SHA-256: 92b4a07b1c077e4b2d776f9dc47e658055eea516417f91669f9c1c644036db4c
    Size: 118.53 kB
  4. expat-devel-2.4.9-1.el9.1.i686.rpm
    MD5: daa2bea3247b47acae2abd131930b1ab
    SHA-256: bc8e5b2d116798ad885bc20904bac9da44d144d3f009ffb7e603b9d5cf40a638
    Size: 52.99 kB