expat-2.5.0-2.el9_4.1

エラータID: AXSA:2024-8824:05

Release date: 
Tuesday, September 24, 2024 - 15:03
Subject: 
expat-2.5.0-2.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490)
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
* libexpat: integer overflow (CVE-2024-45492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Solution: 

Update packages.

CVEs: 
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.5.0-2.el9_4.1.src.rpm
    MD5: 9494b77b5fed874087e8203fecc9206d
    SHA-256: 627f3c9cdfabdaa60c4fb86a86d0c80e75659b81320c1ea388624dba65a81cd1
    Size: 7.97 MB

Asianux Server 9 for x86_64
  1. expat-2.5.0-2.el9_4.1.i686.rpm
    MD5: 083bf4022b27c95c07c3a80a282024b7
    SHA-256: 636b16f24f5aded99997c80c0c539abe626c24f7530ac18772a882862d0838ea
    Size: 117.72 kB
  2. expat-2.5.0-2.el9_4.1.x86_64.rpm
    MD5: 28dac37685ecb5b6f7c22fc23e265116
    SHA-256: 529642aa89bf252f4149c484ace1f98ffba00ed9b79d388a8da58912747348a0
    Size: 114.85 kB
  3. expat-devel-2.5.0-2.el9_4.1.i686.rpm
    MD5: 26645fc484428c67bc332a19c06fd6de
    SHA-256: a99e6c4ce2c83188d3e8586cd7532204da9cbf14bf47c00d86734ff1b105518b
    Size: 55.24 kB
  4. expat-devel-2.5.0-2.el9_4.1.x86_64.rpm
    MD5: 7208cd0e62aced4ea186497b8c88cd5d
    SHA-256: 8a54b984bedf1da68b64fd42813aefe288a9053401db718dfdecb4964499ab8c
    Size: 55.23 kB