mingw-expat-2.4.8-2.el8

エラータID: AXSA:2023-5895:01

Release date: 
Wednesday, June 7, 2023 - 09:03
Subject: 
mingw-expat-2.4.8-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.8 Release Notes linked from the References section.

CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Solution: 

Update packages.

CVEs: 
CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. mingw-expat-2.4.8-2.el8.src.rpm
    MD5: a16c53a37950bc24d9c6df0c2cbe217f
    SHA-256: 2dcfe0353e50df14c277530e87234e635054d0af13148de9f0bdb569c55d5e52
    Size: 563.58 kB

Asianux Server 8 for x86_64
  1. mingw32-expat-2.4.8-2.el8.noarch.rpm
    MD5: bd2ba5762dea26e1ba133326ab197f4f
    SHA-256: d40097244d6f732ffdf34f9b0070b154dbedf50e3c61d52b35064df24f4d6749
    Size: 116.63 kB
  2. mingw64-expat-2.4.8-2.el8.noarch.rpm
    MD5: 2fe39daca5e36fc0080ebfb2736d5d3d
    SHA-256: 555394df502a8c1259677b0a4f6a0d6145a9530302315ef35bf6a5244d229035
    Size: 123.20 kB